Security and privacy issues of LBS (geo-apps)
Mobility has become part of our personal liberty. The market has noticed this trend in geo-development and reacted with an increasing availability of location-based services that mainly run on our mobile devices. These services enrich our mobility experience, but at the same time they affect our privacy, since service providers are now capable of continuously tracking the location of a user. During a trip I recently had an interesting discussion about internet security and privacy issues in geo-applications. Although it is not a new concern, I was surprised to hear that every German email is read by, indeed, U.S. authorities, and not Germans. Triggered by the conversation, I decided to write an article about the privacy side of the explosively growing location service sector, referring mainly to an article I found by authors from Yale University/Bell Laboratories/Texas University.
One of the core weak points of a location-based service is the service itself, well ahead of the other components of localisation and communication, which can be rendered secure by, e.g., using direct signals instead of radio-based localisation or blind signature. However, a safe location-based service implies the use of a trusted server. Trusted servers are undesirable for three main reasons: (1) many providers do not want to bear the liability that comes with a trusted server, (2) many users are not willing to trust a third party, which may deter the adoption of many location-based services, and (3) a single trusted server may become a single point of attack and, in that case, compromise many users’ privacy. We can extract two main scenarios of privacy loss from the previous points. In the first, the service directly transfers the users’ location information to entities. In the second, the service executes calculations that require (user) locations as input, and once these are introduced into the system they reveal spatial information about the user (just think of a dating service where you enter a desired location to find somebody). Knowing this, you can imagine that lots of information ends up in third hands, where it is stored, analysed (market analysis based on location-related activities) and used for diverse purposes.
The retrieved information goes far beyond personal privacy. In my opinion, the often-stated argument that national security comes before personal privacy, for instance in the case of tracking criminals and terrorists, does not justify everybody's data being mistreated and used for unwanted and unauthorised purposes. However, the authors of the article developed protocols for the two scenarios mentioned above in order to prevent the disclosure of location information. For the first case, they created a protocol that enables the user to decide which entity can retrieve the user's location, and for the second they developed a protocol that accomplishes the desired computations without revealing the users’ location (applying cryptographic operations, direct signals, etc.). They tested their prototypes for a number of practical applications and found that the protocols are suitable for personal mobile devices, in order to protect users’ privacy. Hence, from the technology point of view, we would have the possibility of providing services that are secure in terms of user privacy. But in fact it needs the will, demand and persistence of the user community for this to be practically implemented.
I wrote this article not to provoke panic, but to inform and raise awareness of privacy issues concerning technologies that we regularly use. When you buy something from a supermarket, you might be interested in what is inside your product. The same goes for location-based services: I think we should be informed about what we frequently use and be aware of the consequences it might have, so that we do not finally end up as market- and money-driven users.
Source:
“Privacy-Preserving Location-based Services for Mobile Users in Wireless Networks”, paper by Sheng Zhong, Li (Erran) Li, Yanbin Grace Liu, Yang Richard Yang (2004)