The Risks and Regulation of Location
24 Pages Posted: 22 Jan 2012
Date Written: August 15, 2010
Abstract
In the last ten years, concerns about location privacy have evolved from an academic topic that struggled to justify concerns about security to a mainstream issue that is affecting consumers, businesses and the legal system. Much of this proliferation of concerns arises from telecommunication and mobile computing platforms. Smart phones and GPS-assisted devices play an increasing role in people’s lives, and the technology of precise and easily obtained location information has imbued mobile and social media with location in advance of the public knowing how that information will be used and fully grasping the implication of pervasive location information. Furthermore, social media sites such as Twitter, Facebook, Foursquare, Buzz and many others have adopted location as a key part of the information they communicate. While social networks are not critical parts of the communication landscape, they are used by hundreds of millions of people who are only beginning to understand the potential problems with providing easily accessible location information to an industry with a checkered history of transparent privacy policies. At the same time, telecommunication networks use GPS, assisted GPS and other location technologies to enhance localization as a necessary part of the Emergency-911 services. On an increasing basis, consumers’ location information is being distributed with and without their knowledge. To what extent are users of these new technologies exposing themselves to identity attacks through sharing location information?
How can consumers understand and control how and when their information is being used or distributed and who has access to it?
In this paper, we briefly describe the technologies that underlie location-based services, their access and the notion of how location can be linked or inferred from multiple sources. We then survey common visible and hidden uses of location services, including social networks and emergency services. The technical community has developed a number of methods to hide or mask locations to provide a degree of anonymity while still preserving the benefit of location services. We briefly survey those methods and the “threat models” they seek to counter. We then describe threat models, or disclosures of location information, not commonly considered by the research community and their implications.
We lastly turn our attention to the policy implications of these technologies and the potential concerns that they present in terms of user privacy and safety. The technical community has long used automated policy descriptions to inform users about how their data will be used, but these mechanisms do not address location privacy. We theorize that it may be possible to enhance these methods to support location services based on some of the threat models that researchers have specified, but that broader concerns about location privacy can not rely on technical solutions and will need to rely on both education, good corporate citizenship and regulation.
Suggested Citation: Suggested Citation