Directions Magazine
Hello. Login | Register

Articles

All Articles | Post Comment

Location Tracking: A Pervasive Problem in Modern Technology

Thursday, January 9th 2014
Comments
Classified Ads:

Summary:

Seth Shoen of the Electronic Frontier Foundation explains that transmitting any unique information unencrypted forms the technological basis for a location-tracking technology, existing or potential. And, he follows up, we must be wary.

We've just seen some amazing reports from the Washington Post about just a few ways NSA is tracking people around the Internet and the physical world. These newly-revealed techniques hijacked personal information that was being transmitted for some commercial purpose, converting it into a tool for surveillance. One technique involved web cookies, while another involved mobile apps disclosing their location to location-based services.

One interesting thing about this is that the tracking that results is totally independent of the privacy practices that apply to the intended use of this data. Google has its own privacy policies about how it uses PREF cookies, and app developers have privacy policies for their location-based services, but this spying bypassed both of them and simply used this information as grist for the surveillance mill. So the level of intrusion resulting from this spying didn't depend on what the information was meant for, but on how it was repurposed.

Together, these programs show us that transmitting any unique information unencryptedforms the technological basis for a location-tracking technology, existing or potential. Every kind of identifiable information that gets transmitted in the clear over a radio or a public network is either an already-deployed NSA location-tracking program, or an exciting opportunity for some NSA agent to propose a new program to monitor devices’ whereabouts. And it’s not just NSA: we’ve already seen commercial use of phones’ wifi and Bluetooth addresses (which are visible to anybody nearby and which normally don’t change over the lifetime of the device) to monitor shoppers.

There’s a long-term privacy solution for location tracking that can address all of these tracking methods and others. Every transmission of personally-identifiable information, over the air or over a public network, must be encrypted. If addresses can’t be encrypted, they should be random and change frequently. And personally-identifiable information must be understood to include persistent identifiers for people or devices, even if those identifiers don’t directly include a person’s name(1) For example, a unique cookie can be used to recognize a device, so it should only ever be transmitted encrypted. Even if cookies were out of the picture, there's a lot else that's unique in browser behavior that can potentially be used to track an Internet user.

The Post’s earlier report on tracking shows that fixing technology to prevent the tracking of device locations will be a challenging task. The paper's recent story on a program called FASCIA referred to literally dozens of potentially unique and distinctive things about a cell phone that the NSA might be able to observe directly on the air or by tapping into cell phone carriers’ infrastructure. That list shows many different ways in which the existing cell phone infrastructure inherently exposes unique attributes of devices, and hence inherently permits location tracking (either by carriers or by spies monitoring radio signals). We've already noticed that location tracking is an inherent part of the way today's cell phone infrastructure is put together—we can't make some simple technical change to stop mobile carriers (or governments) from being able to know where particular mobile devices. Rather, fixing this at a technical level will require re-engineering our cell phone networks, so it might take a little longer than turning on HTTPS for tracking cookies and mobile location check-ins.

On whatever timescale we can make these necessary changes, technology developers should commit to the principle that no unique user data is ever exposed unencrypted.

---------

(1) Some privacy engineers use the term uniqueness to refer to unique properties of a device or system that aren’t already associated with a particular person, or that might not ever become associated with a person in practice. For example, if a cell phone hasn’t been purchased yet, or if a transit fare collection system had a unique ID but nobody recorded or noticed who ended up using it for travel, some people would say the systems exhibit uniqueness but not personal identifiability. But it’s so easy for a device to make the one-way trip from uniqueness into an association with a person at any moment that careful privacy engineering would treat any long-term persistent uniqueness as presumptively identifying.

Reprinted from the Electronic Frontier Foundation under CC-BY- 3.0 US.

Image by William Hook  under CC-BA-SA


Did you enjoy this topic? Check out these Channels:
Google, Government

Bookmark and Share


Stay Connected

Twitter RSS Facebook LinkedIn Delicious Apple Devices Android Blackberry






Recent Comments

Data Mashups can Help Answer the World’s Biggest Questions

As the world wakes up to the power of data, we need to start working out how to join up all this information. We need to turn it into meaningful findings that will help us to make changes to the way we live. A new technique is emerging as part of this quest – the data mashup. This approach to linking data could help us shed light on phenomena such as the health impacts of climate change....

New high-resolution Satellite Image Analysis: 5 of 6 Syrian World Heritage Sites “Exhibit Significant Damage”
Is GIS Splitting?
What Grade Would Your Homepage Get?
Modeling and Simulation: AEgis Technologies Builds Core Capabilities in Era of 3D
Making Location Work for Smart Cities – the Case for Location Standards
Addresses Spark Debate
GIS is NOT a Load of Garbage
The 2014 NSGIC Annual Conference: States are Focusing on Coordination, Actions and Technology Solutions

DirectionsMag.com

About Us | Advertise | Contact Us | Web Terms & Conditions | Privacy Policy
© 2014 Directions Media. All Rights Reserved