Begin forwarded message:
From: Seth David Schoen <schoen@loyalty.org>
Date: August 13, 2009 10:50:14 PDT
To: David Farber <dave@farber.net>
Cc: ip <ip@v2.listbox.com>
Subject: Re: [IP] Re: Palm Pre [openly and brazenly] reporting GPS locations, app usage to Palm?
David Farber writes:From: "Richard Bennett" <richard@bennett.com>The current thinking on privacy in the US Congress isn't troubledby this, as it permits collection of personal information that'sessential to providing a service. Obviously, location information isthe enabler of "location based services," just as information aboutyour bank balance is vital to operating a cash dispenser.The most obvious place to get location information is from thetower o which your device is currently associated, and there's notriangulation needed. Fine-grained location comes from the GPS, justas it does when you're using a turn-by-turn navigation system.
I think Ethan Ackerman was concerned that triangulation might require
the _assistance of_ a carrier. Carriers can certainly perform
triangulation to find the location of a particular device, but so
can the devices themselves. I still remember the Ricochet modems
having a Hayes-style AT command which would output latitude/longitude
pairs for all the base stations within range. Although they didn't
provide signal strength, you could average them to get a pretty good
estimate of location, particularly since they were numerous and their
range was pretty small. The carrier, I expect, didn't know when or
how often you did this, or from where, or for what purpose.There are a lot of interesting issues around privacy, but this isn'tone.
Well, above you referred to "personal information that's essential
to providing a service" and said that "location information is the
enabler" of these services. In a certain sense, there's a lot of
wiggle room inside of "essential" and "enabler". Indeed, EFF, where
I work, just published a white paper about privacy and location-based
services:
http://www.eff.org/wp/locational-privacy
This paper points out that there are implementation options for many
of these services that don't require collecting as much information as
the naive implementation strategy would. And I've talked to several
location-based service implementers about this problem. Apart from the
cryptographic techniques mentioned in this whitepaper, there's often
a continuum where a service provider can know less detail about user
locations in exchange for increased storage, processing, and network
requirements on the mobile device.
For example, for a mapping application, one extreme might be Google
Maps, where an application gives a rather precise latitude and longitude
to Google and requests map tiles surrounding that location. (I know
you can also use Google Maps to look up other locations, so I'm just
talking about the case where you want your device to show a map of
where you are right now.) Another extreme is a dedicated GPS device
which is sold already containing a street map atlas for a wide area,
and which doesn't need to interactively communicate with a network at
all. The GPS device vendor, or the electronic road atlas distributor,
may know that you are likely to use the device in a certain area but
has no particular knowledge of your movements. It should also be
obvious that there are a lot of possibilities in between -- where a
device requests mapping data for a certain area (a neighborhood?
a city?) and then caches it for a long time, using it to render maps
of the local area without giving any position updates to a service
provider.
--
Seth David Schoen <schoen@loyalty.org> | Qué empresa fácil no pensar en
http://www.loyalty.org/~schoen/ | un tigre, reflexioné.
http://vitanuova.loyalty.org/ | -- Borges, El Zahir