Transcript Document
LOCATION-BASED SERVICES Presented by Alan Reiter President, Wireless Internet & Mobile Computing [email protected] 301-715-3678 JAN. 5: LOCATION-BASED SERVICES • Precarious privacy & security pitfalls • Perhaps the major issue in location (besides how to make money!) is privacy. How can millions – billions – of people report their locations without destroying their privacy, and endangering themselves or even their possessions? What privacy and security controls already exist, and are they sufficient? This issue affects everyone from youngsters with their first cellular phones to enterprises tracking employees. A PERSONAL EXPERIENCE • How does Where know where I am? • Did Firefox really protect my location? • IP address, wireless access points to Google Location Services ANOTHER REVELATION, COURTESY OF NICOLE FERRARO • Google Profiles automatically adds Google Buzz – aaarrrgh • There’s no way out of inadvertent discovery if you don’t know a company’s policies VERTICAL-MARKET BATTLES • Previously, major disputes over GPS • Trucking • Taxis • Field service • Disputes mostly ended now • Location a fact of business POSTER BOY (COMPANY) FOR DANGEROUS POLICIES • Facebook • Too changeable • Amends policies again and again • Too confusing • Multiple services • Too numerous • Pages and pages of privacy settings FACEBOOK PLACES • Location check-ins come to Facebook • By default: Checking into a Place automatically appears on your profile, newsfeed, and stream for that Place • By default: Friends may check you into a Place without approval • Other apps may push information to Places • Booyah, Foursquare, Gowalla, Yelp GOOGLE LATITUDE • Employs Google Maps to show location of friends • Some concerns over privacy if third party gets phone • User controls • Visible citywide, but not particular street; manually update location; stop location • Accept each friend share request individually; accept but be invisible LOCATION DATA POLICIES FOR APPLE, ANDROID • For iOS, Apple and partners may use and share anonymous “precise…real time geographic data” from applications • Users may opt-out, but won’t be able to download those apps • Users also may turn off location services on devices, but Apple may still track devices in general • Google has a similar policy for Android apps WSJ: YOUR APPS ARE WATCHING YOU • Wall Street Journal highlights iPhone, Android apps that transmit user data • Location, phone number, phone ID, real name, age, gender • Examined 101 applications – 47 transmitted location • Many transmitted data to multiple advertising companies WSJ: YOUR APPS ARE WATCHING YOU • Many companies transmit phone ID, with or without consent • 45 companies didn’t post privacy policies with phone app or on Website • Marketing firms monitor apps downloaded, how frequently used, time spent within apps, how many levels within app GOOD NEWS, BAD NEWS IN THE COURTS • Good: U.S. courts rule against government’s case to obtain cellular phone location data without a search warrant • Courts rule judges may demand police, etc. obtain a search warrant before obtaining cellphone location data • Also could affect other government demands without warrants, such as for email • Bad: No warrant required by DEA to plant GPS device on a car DO LOCATION APPLICATIONS NEED A USERS’ BILL OF RIGHTS? • Electronic Frontier Foundation suggests social networking sites adopt three privacy principles • The right to informed decision-making • The right to control • The right to leave • But all social networking/location services have privacy policies • Are they strong enough? • Are they followed? SELF LOCATION • Checking in via RFID with Facebook • Facebook Presence • Attendees of F8 conference given RFID tags to check in at different locations • Tag yourself in photos, become a fan of Facebook pages. • Facebook RFID for beer KNOWINGLY, UNKNOWINGLY WE REVEAL OUR LOCATION • Our photos, our updates betray us with GPS tags THANK YOU! Alan Reiter [email protected]