Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
2Activity
0 of .
Results for:
No results containing your search query
P. 1
EFF Locational Privacy

EFF Locational Privacy

Ratings: (0)|Views: 28 |Likes:
Published by AxXiom
On Locational Privacy, and How
to Avoid Losing it Forever
On Locational Privacy, and How
to Avoid Losing it Forever

More info:

Published by: AxXiom on Sep 28, 2009
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

05/16/2010

pdf

text

original

 
On Locational Privacy, and Howto Avoid Losing it Forever
ByAndrew J. Blumberg,blumberg@math.stanford.eduPeter Eckersley,pde@eff.org August 2009
 
 1
ELECTRONIC FRONTIER FOUNDATIONEFF.ORG
On Locational Privacy,and How to Avoid Losing it Forever
Over the next decade, systems which create and store digital records o people’s movementsthrough public space will be woven inextricably into the abric o everyday lie. We are alreadystarting to see such systems now, and there will be many more in the near uture.Here are some examples you might already have used or read about:
•Monthlytransitswipe-cards•Electronictollingdevices(FastTrak,EZpass,congestionpricing)Cellphones•Servicestellingyouwhenyourfriendsarenearby•SearchesonyourPDAforservicesandbusinessesnearyourcurrentlocation•FreeWi-Fiwithadsforbusinessesnearthenetworkaccesspointyou’reusing•Electronicswipecardsfordoors•Parkingmetersyoucancalltoaddmoneyto,andwhichsendyouatextmessagewhen
your time is running outTese systems are marvellously innovative, and they promise benefts ranging rom increased
conveniencetotransformativenewkindsofsocialinteraction.
Unortunately, these systems pose a dramatic threat to locational privacy.
What is “locational privacy”?
Locational privacy
(alsoknownas“locationprivacy”)istheabilityofanindividualtomovein
public space with the expectation that under normal circumstances their location will not besystematically and secretly recorded or later use. Te systems discusssed above have the poten
-tialtostripawaylocationalprivacyfromindividuals,makingitpossibleforotherstoask(andanswer)thefollowingsortsofquestionsbyconsultingthelocationdatabases:•Didyougotoananti-warrallyonTuesday?•Asmallmeetingtoplantherallytheweekbefore?•Atthehouseofone“BobJackson”?•Didyouwalkintoanabortionclinic?•DidyouseeanAIDScounselor?
 
2
ELECTRONIC FRONTIER FOUNDATIONEFF.ORG
•Haveyoubeencheckingintoamotelatlunchtimes?•Whywasyoursecretarywithyou?•DidyouskiplunchtopitchanewinventiontoaVC?Whichone?•Wereyouthepersonwhoanonymouslytippedosafetyregulatorsabouttherustymachines?•DidyouandyourVPforsalesmeetwithACMELtdonMonday?•Whichchurchdoyouattend?Whichmosque?Whichgaybars?•Whoismyex-girlfriendgoingtodinnerwith?Ofcourse,whenyouleaveyourhomeyousacricesomeprivacy.SomeonemightseeyouenterthecliniconMarketStreet,ornoticethatyouandyoursecretarylefttheHiltonGardensInntogether.Furthermore,intheworldoftenyearsago,allofthisinformationcouldbeobtainedbypeoplewhodidn’tlikeyouordidn’ttrustyou.Butobtainingthisinformationusedtobeexpensive.Yourenemiescouldhireaguyinatrenchcoattofollowyouaround,buttheyhadtopayhim.Moreover,itwashardtokeepthesurveillancesecret—youhadagoodchanceofnoticingyourtailduckingintoanalley.Intheworldoftodayandtomorrow,thisinformationisquietlycollectedbyubiquitousdevicesandap-plications,andavailableforanalysistomanypartieswhocanquery,buyorsubpeonait.Orpayahacker
to steal a copy o 
everyone’s
location history.
Itisthistransformationtoaregimeinwhichinformationaboutyourlocationiscollected
 pervasively
,
silently
, and
cheaply
that we’re worried about.
 Threats and opportunity
Somethreatstolocationalprivacyareovert:it’sevidenthowcamerasbackedbyface-recognitionsoft-warecouldbemisusedtotrackpeopleandrecordtheirmovements.Inthisdocument,we’reprimarilyconcernedwiththreatstolocationalprivacythatariseasahiddenside-eectof
clearly useul
location-
based services.
Wecan’tstopthecascadeofnewlocation-baseddigitalservices.Norwouldwewantto—thebenetstheyoerareimpressive.Whaturgentlyneedstochangeisthatthesesystemsneedtobebuiltwithprivacyaspartoftheiroriginaldesign.Wecan’taordtohavepervasivesurveillancetechnologybuilt
into our electronic civic inrastructure by accident. We have the opportunity now to ensure that thesedangers are averted.Our contention is that the easiest and best solution to the locational privacy problem is to build sys
-
tems which
don’t collect the data in the frst place
.issoundslikeanimpossiblerequirement(howdowetellyouwhenyourfriendsarenearbywithoutknowingwhereyouandyourfriendsare?)butinfact
as we discuss below it is a reasonable objective that can be achieved with modern cryptographic tech
-niques.Moderncryptographyactuallyallowscivicdataprocessingsystemstobedesignedwithawhole
spectrum o privacy policies: ranging rom complete anonymity to limited anonymity to support law
enforcement.Butweneedtoensurethatsystemsaren’tbeingbuiltrightatthezero-privacy,everything-is-recordedendofthatspectrum,simplybecausethat’sthepathofeasiestimplementation.

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->