Skip Links

You Are Here: Scary New Location Privacy Risks

By Bill Snyder, CIO
June 28, 2010 02:54 PM ET

CIO - Location-based services on a mobile phone are terrifically helpful when you need to find a nearby business or directions to the freeway. They're also terrifically helpful to advertisers, government agencies and even stalkers who can use them to track your every move.

[Google now faces a multiple-state privacy investigation regarding its Street View data collection effort. For more on the privacy brouhaha, see this backgrounder and timeline. ]

"If you are publishing your location to the world, anyone, including a stalker or a thief or the government or an advertiser or anyone else, can go and look at that information, and hence, the threat," says Kenneth Bankston, an attorney with the Electronic Frontier Foundation.

The danger isn't just theoretical. At the SchmooCon security conference in Washington D.C. last winter, a hacker demonstrated an application that tricks a user into clicking on a poisoned link and then surreptitiously downloads a spyware program that tracks the smartphone's exact location. The results are displayed as an overlay on a Google map on the hacker's Web site, says Mike Greide, a security researcher at Zscalar who witnessed the demo.

That code, he says, has since been made public and is now on the Web for anyone to use. With a little effort, it could be adapted to work on iPhones or Android-based devices, Greide told me.

Less overtly threatening, but still invasive, are privacy holes created when social networking sites share information with third parties such as advertising and analytics companies. "I may not intend it, but once I check in with a mobile social networking site it's quite possible that the whole world will then know where I'm at," says Craig Wills, a professor of computer science at the Worcester Polytechnic Institute, who has studied the issue of "privacy leakage" from social networking sites. (More about Prof. Wills's work in a bit.)

What Your Phone Says About Your Locale

And don't think that your basic cell phone, which doesn't have a GPS function, won't give you away. It will, since it's always in touch with cell phone towers, whose location can give away yours via triangulation. And once again, the threat is not theoretical.

Last year, the FBI obtained secret permission (but didn't actually get a warrant) to monitor the location of 180 cell phones in the course of an investigation into a bank robbery, according to a court filing by the American Civil Liberties Union and the Electronic Frontier Foundation. The difference between the order obtained by the FBI and a warrant isn't just a technicality. Obtaining a warrant requires a much higher standard of proof that a crime has been committed or will be in the near future.

The government's contention that warrants aren't needed to monitor the location of cell phone users disturbs me, and it apparently disturbed U.S. Circuit Judge Dolores Sloviter who said this during a court hearing in Philadelphia: "You know there are governments in the world that would like to know where some of their people are or have been. Can the government assure us that it will never try to find out these things?" she asked.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News