Friday, August 14, 2009

Electronic Frontier Foundation Report Warns of Losing "Locational Privacy"

Today I want to focus on a new report from the Electronic Frontier Foundation (EFF) that warns that Americans are losing their privacy as they travel through public space (i.e. "locational privacy") due to location-based technologies and services such as EZ Pass, Google Latitude and cellphones.

Before I get to the article in Security Management about the report, let me provide the definition of "Locational Privacy" (also known as "location privacy") as articulated by EFF:

"...the ability of an individual to move in public space with the expectation that under normal circumstances their location will not be systematically and secretly recorded for later use. The systems discussed above have the potential to strip away locational privacy from individuals, making it possible for others to ask (and answer) the following sorts of questions by consulting the location databases:

• Did you go to an anti-war rally on Tuesday?
• A small meeting to plan the rally the week before?
• At the house of one “Bob Jackson”?
• Did you walk into an abortion clinic?
• Did you see an AIDS counselor?
• Have you been checking into a motel at lunchtimes?
• Why was your secretary with you?
• Did you skip lunch to pitch a new invention to a VC? Which one?
• Were you the person who anonymously tipped off safety regulators about the rusty machines?
• Did you and your VP for sales meet with ACME Ltd on Monday?
• Which church do you attend? Which mosque? Which gay bars?
• Who is my ex-girlfriend going to dinner with?

Security Management reports:

Location-based services that transmit, record, and store where a person is—such as EZ Pass, WiFi networks, transit cards, Google Latitude—can be exploited by government, business, or prying ex-lovers to track and reconstruct where people have been as they go about their daily life.

The EFF concedes that people forfeit some privacy when they go into public. However, the ability to track people as they went about their lives before the rise of such technology was extraordinarily difficult and generally quite expensive: people hired private investigators to do that work. Besides, the person being monitored had a decent shot at detecting the surveillance.

...

The upside, as the EFF contends, is that modern cryptography can design location-based services that do not collect identifiable data at all, like "electronic cash." The downside, however, is that this costs additional money that companies are reluctant to invest in the original design when not absolutely necessary.

...

The second reason companies should ensure locational privacy is to gain a competitive edge. According to the EFF, a good deal of customers will find robust privacy protections a reason to purchase one technology or service over another. Until democratic lawmaking catches up with technology, the EFF says, it's up to private companies to protect locational privacy and design systems that do not sacrifice it for expediency.

Click here to read the article in its entirety.

Now, what I especially enjoyed, and thought particularly effective, was the way EFF ends their report and answers the typical "you're being paranoid" blow-off we privacy advocates hear all too often.

The report reads, "Another common response to worries about locational privacy is to say that law-abiding citizens don’t need privacy. “I don’t commit adultery, I don’t break the law,” people say (and tacitly, “I’m not in the closet, and I don’t belong to any non-majority religious or political groups”).

One answer to this concern is a reminder that there are more subtle reasons for needing privacy. It’s not just the government, or law enforcement, or political enemies you might want to be protected from.

• Your employer doesn’t need to know things about whether, when, and where you went to church.
• Your co-workers don’t need to know how late you work or where you shop.
• Your sister’s ex-boyfriend doesn’t need to know how often she spends the night at her new boyfriend’s apartment.
• Your corporate competitors don’t need to know who your salespeople are talking to.

Preserving locational privacy is about maintaining dignity and confidence as you move through the world. Locational privacy is also about knowing when other people know things about you, and being able to tell when they are making decisions based on those facts.

Suppose that an insurance company manages to obtain a record of Alice’s movements over the past year, and decides that there is some aspect of that record which is grounds for raising her premiums or denying her coverage. The problem with that decision is not just that it is unfair, but that Alice may have no ability to dispute it. If the insurance company’s reasoning is misinformed, will Alice have a practical way of knowing that and disputing it?

Conclusion

In the long run, the decision about when we retain our location privacy (and the limited circumstances under which we will surrender it) should be set by democratic action and lawmaking. Now is a key moment for organizations that are building and deploying location data infrastructure to show leadership and select designs that are responsible and do not surrender the locational privacy of users simply for expediency.

Click here to read EFF's report.