Location-Based Services and Your Privacy

Location-based technology (LBT) refers to equipment and methods for determining the geographic location of a device, such as a mobile phone. The technology is used to provide location-based services (LBS) that use the geographic information to customize a service in some way. A common example is a Geographic Positioning System (GPS) navigation device in a car that displays a user’s current location on a map and directions to a desired destination. Location-based technology is also appearing in consumer devices such as mobile phones and portable computers. Mobile location-based services provide information or entertainment that changes depending on the location of the device. A specialized location-based service for mobile phones is enhanced 911, where location information is passed from the telephone provider to the 911 call centre during an emergency call. Canadian mobile telephone providers are supposed to complete deployment of enhanced 911 services by Feb. 2010, and this requirement is helping to drive the availability of location-based technologies in telephone networks and mobile phones.

Location-based technology and services are becoming popular very fast. A recent Gartner report predicts that the number of LBT users will double in 2009 to 96 million people worldwide. Revenue from LBS is also expected to at least double to a worldwide total of 2.2 billion (U.S.) dollars. The importance of location-based services for mobile phones is illustrated by the recent purchase of Navteq (the leading digital mapping company) by Nokia (the leading mobile phone company).

Location-based technology relies on geographic data provided by some kind of infrastructure. For mobile phones, location information can be obtained from the cellular infrastructure. By measuring which cellular antennas are closest to a mobile phone, and knowing where those antennas are located, a mobile telephone provider can use triangulation to calculate a moderately accurate location. Many modern mobile phones are also being equipped with GPS capabilities. By receiving data from a collection of orbiting satellites, GPS devices are able to calculate location information to a high level of accuracy. Also, by tracking the location information over time, GPS devices can determine the speed and direction of travel.

Location information can also be obtained from local infrastructures. Information about nearby Wi-Fi or Bluetooth networks can be used to calculate approximate geographic locations. For example, while Apple’s IPhone uses GPS technology to provide accurate location information, the IPod Touch uses Wi-Fi information to calculate approximate locations. This type of local service is important indoors where GPS and cellular services may not work properly.

Location-based technology is being used in a number of application areas. Mapping and navigation has already been discussed. Real-time traffic and weather information that is sensitive to the current location and planned route can also be provided. LBT can also be used for commerce applications, such as providing information about the closest stores or restaurants. Advertisement can also be sent to a user’s mobile phone based on their current location. Purchases could also be completed using location-based technology and a form of electronic payment – a customer would point their phone at the desired object and then authorize electronic payment. Automatic tollbooth systems that rely on low-power transmitters attached to vehicles are an example of this kind of location-based transaction.

Location-based technology can also be used for monitoring and tracking applications. Employees carrying mobile phones or vehicles in a corporate fleet can be tracked. Location-based tracking is already common for monitoring the movements of people under house arrest or other judicial restrictions. The same technology could be used to track children or senior citizens.

Although location-based services can be very valuable for the user, there are significant privacy implications. Location information is personal and private, and inappropriate use of the information can have significant negative consequences. Knowing that someone is out of town, for example, may be an invitation for criminals to rob their home. Being able to track a person’s movements may provide an opportunity for stalking. Because of these concerns, proper safeguards must be in place to protect any location information that is collected.

The most fundamental privacy issue is ownership and control of the location information. The current model is that, although it is the customer who owns with the mobile phone, the location information is owned and controlled by the telephone company. The location information is in effect sold back to the customer embedded in some kind of service. The customer then becomes subject to any agreements and terms of service that they have arranged with the telephone company, and their partners. If a customer is not happy with the service or any privacy policies involved, they may have few options. This is especially true in places where the choice of telephone companies is limited.

Another important issue for location-based services in mobile phones is consent to gather and use the information. Cellular-based location information can be collected and used by the network operator without the customer’s knowledge or consent. Also, GPS devices embedded in mobile phones are often enabled by default and, although it may be possible to turn them off, controlling the devices can be difficult. Moreover, the services enabled by the location devices can be intrusive and unwanted. For example, location-sensitive advertisements that are pushed to mobile phones and automatically displayed would raise issues of consent.

Limiting the use of location information is also a concern. A mobile telephone provider and its customers will need to reach an agreement about how the location information is used, to whom it will be disclosed, and how long it will be retained. Location information may be particularly important in legal cases where establishing a person’s location at a specific time is crucial to a case. Canadian lawmakers are currently discussing new lawful access rules and the privacy of location information records should be included in that debate.

As mentioned previously, location information can be used to monitor and control individuals and activities. Knowing where someone is at all times can be used as a method of controlling his or her life. Location information can also be used to trigger a remote control, such as disabling a device if it is moved beyond some boundary. Understanding the personal and social implications of these powers will be important as location-based technologies continue to develop.

The privacy implications of location-based services have not gone unnoticed by the mobile telephone providers. In 2008, CTIA – The International Association for Wireless Telecommunications published a set of best practices and guidelines for location-based services. These guidelines emphasized two privacy principles that should be adopted by all providers of location-based services: user notice and consent.

A number of alternative technologies and approaches are possible when considering location-based services on mobile phones. For example, the accuracy of the location information can be artificially decreased as a means to provide some level of privacy. Instead of a service provider or application knowing the exact address of a customer’s current location, knowing the general neighbourhood or city may be enough to provide a valuable service while protecting privacy. Changing the level of accuracy based on the service provider involved, the type of service, or the end-user of the location information can be a powerful technique. For example, a customer may want to let a family-tracking service know their exact location while a work-related application would only get information about their general area (e.g., what city).

Anonymity techniques can also be useful for increasing the privacy of location-based services. The technology can be configured such that a provider of location-based services gets information about a customer’s location without getting any identifying information. Thus, the service could provide directions to the nearest banking machine without knowing who the customer is. Aggregation techniques can also be used so location data is always grouped and the location of a group can be determined but not the location of individuals. This could be used, for example, in traffic alerting situations that rely on the locations and speeds of drivers on the highways. An operator of such a service does not need detailed identity, speed, and location information of each individual driver, just the aggregate information from a group near one another.

The range of location-based services that could emerge in the future is limited only by our imaginations. One use we are likely to see in the near future is digital coupons, where stores that are nearby send coupons to mobile phones. Obviously, issues about consent, intrusiveness, and privacy protections will be important in this application. Imagine receiving a graphic digital coupon as you pass a sex shop on a downtown street and then lending your phone to your children or spouse.

Location-based services will also be married with social networking applications, such as Facebook and MySpace. Such a service allows a customer to know if anyone in his or her social network is nearby geographically. One of the first instances of such a service is Google Latitude, and Google is already starting to wrestle with the privacy implications of their service. Currently, Google promises to never share location information with third parties without explicit permission. They also support privacy controls where the only people who can view location information are those explicitly included on a friends list. Google is also supporting an option to only share location information at the resolution of a city.

Location-based services can also be used to construct augmented reality systems. Here information about the local surroundings is combined with actual information to create a hybrid real/artificial display. For example, a user might wear a special pair of glasses that they look through to see the real world. At the same time, a computer system could detect their current location and overlay information about what they are looking at. For example, they might see historical information when looking at a national monument, or biographic information when looking at a statue. Such a service might also include real-time information, such as news stories about a protest that is currently taking place in a public park. The amount of detail provided by the augmented reality system and any records of what the customers look at will raise important privacy concerns.

4 thoughts on “Location-Based Services and Your Privacy

  1. Pingback: Andrew Patrick » Location-Based Services and Your Privacy | UP X Y?

  2. fitflop

    I actually use Google latitude. I think it will becoming very popular quite soon from a social perspective. I think once people once business’s start finding ways to use this to contact consumers, people may be turned off to it.

  3. Pingback: Office of the Privacy Commissioner » Blog Archive » Location, location, location

  4. Pingback: Commissariat à la protection de la vie privée du Canada » Archive de la blogue » Vous êtes ici!

Leave a new comment (all comments are moderated):

Your email address will not be published. Required fields are marked *