Location privacy is getting a fair bit of attention at the moment and I was quite interested to read this blog about how informed users need to be about applications that use your smartphone’s AGPS to determine location information.
To briefly cover the basics of how location positioning uses AGPS on modern smartphones: a phone’s GPS module often needs “assistance data” to help it determine an accurate location “fix” to represent your position on a digital map. This assistance data is provided via an internet connection (e.g. over 3G), which downloads additional positional information, called “Assisted GPS”, to the phone’s location software to help it determine its position in conjunction with the standard GPS data the phone is reading over direct radio from whichever satellites are “in view” directly above.
Generally four satellites are needed to determine a position accurate to about 50 metres. With AGPS, the phone’s software can achieve a faster Time to First Fix (TTFF) and potentially a more accurate position than by relying on GPS signals alone. In urban environments AGPS is crucial to providing a sound service experience. For assistance data to be effective, the smartphone’s location software must take signal strength readings and collect data from local WiFi networks as well as local cell towers. This data is uploaded over the Internet to the service provider’s AGPS server and, using some highly sophisticated algorithms together with a stored base of geo-coded WiFi networks, a user position can be accurately calculated, usually to within 20 metres.
The interesting point about using WiFi network signals to help provide assistance data is that a massive database of geo-coded WiFi networks is needed for it to be used as an effective positioning service. This database needs to be centralised and in the control of a company providing a location service. With a comprehensive “geo-database” of referenced WiFi signals in place, it represents a hugely powerful positioning tool to support mapping and other mobile location services. The use of location services in city environments has become very important. There are now a multitude of location-based applications which depend on fast and accurate positioning, and WiFi Positioning Systems (WPS) have become the most important basis for supporting these new applications. WPS has now become so efficient and accurate that in urban environments GPS is generally not required.
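To make the WPS lookup described above concrete, here is a toy positioning server written for this post as an added example. It is not code from the original article or from Skyhook, Google or any real positioning service. The geo-database of BSSIDs and the WiFi scan are constructed sample values, and the path-loss constants used to turn signal strength into a weight are assumed typical indoor/urban figures rather than anything a provider publishes.

```python
"""Toy WiFi Positioning System (WPS) lookup: RSSI-weighted centroid of known APs.

Added example, not code from the original post or from any real positioning
service. GEO_DB and the scan are constructed; real databases hold hundreds
of millions of access points collected by war driving or crowd sourcing.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Observation:
    bssid: str      # access-point MAC address as reported by the WiFi scan
    rssi_dbm: int   # received signal strength in dBm (closer to 0 is stronger)


# Constructed geo-database: BSSID -> (lat, lon) where the AP was geo-coded.
# Coordinates are invented and only roughly central London.
GEO_DB: dict[str, tuple[float, float]] = {
    "00:11:22:33:44:01": (51.5007, -0.1246),
    "00:11:22:33:44:02": (51.5009, -0.1241),
    "00:11:22:33:44:03": (51.5004, -0.1250),
}


def rssi_weight(rssi_dbm: int) -> float:
    """Map a signal strength reading to a centroid weight.

    Log-distance path loss: received power drops about 10*n*log10(d), so a
    stronger reading implies a nearer AP. Weighting each AP by estimated
    inverse distance pulls the centroid towards the strongest signals.
    n = 3 and -40 dBm at 1 m are assumed values, not measured ones.
    """
    path_loss_exp = 3.0
    rx_at_1m_dbm = -40.0
    distance_m = 10 ** ((rx_at_1m_dbm - rssi_dbm) / (10 * path_loss_exp))
    return 1.0 / max(distance_m, 1.0)


def known_ap_count(scan: list[Observation], geo_db=GEO_DB) -> int:
    """How many scanned networks the geo-database can actually place."""
    return sum(1 for obs in scan if obs.bssid in geo_db)


def wps_fix(scan: list[Observation], geo_db=GEO_DB) -> Optional[tuple[float, float]]:
    """Estimate the phone's position from a WiFi scan.

    BSSIDs not yet in the geo-database are ignored. If none of the scanned
    networks is known there is no WPS fix and None is returned; this is the
    case where a phone must fall back to cell towers or satellite GPS.
    """
    total_w = 0.0
    lat_acc = 0.0
    lon_acc = 0.0
    for obs in scan:
        pos = geo_db.get(obs.bssid)
        if pos is None:
            continue
        w = rssi_weight(obs.rssi_dbm)
        lat_acc += w * pos[0]
        lon_acc += w * pos[1]
        total_w += w
    if total_w == 0.0:
        return None
    return (round(lat_acc / total_w, 6), round(lon_acc / total_w, 6))


if __name__ == "__main__":
    # Constructed scan: two known APs heard strongly, one AP nobody has mapped yet.
    scan = [
        Observation("00:11:22:33:44:01", -45),
        Observation("00:11:22:33:44:03", -72),
        Observation("de:ad:be:ef:00:01", -60),
    ]
    print(known_ap_count(scan), "known APs ->", wps_fix(scan))
```

The point worth noticing is that the phone never needs a satellite in view: the scan alone, matched against the provider's central geo-database, is enough for a fix in a dense area, which is exactly why that database is so valuable and why the uploaded scans are the raw material for it.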
The two companies regarded as having the largest geo-database of WiFi signals are Skyhook Wireless and Google. Both obtain this data by “war driving”, which involves slowly driving a specially equipped vehicle through every relevant street, picking up every WiFi signal, geo-coding it and storing it in a central database. Needless to say, collecting and formatting this raw geo-data is a hugely expensive affair, and deploying a service based on this technique has already brought Google and Skyhook into conflict.
As well as war driving there is a less costly method of acquiring positioning data. It involves the phone passively collecting readings of local WiFi networks and recording them to a database on your phone with a geo-coded reference, which is then uploaded as raw geo-data to a central server maintained by a service provider or device manufacturer.
Apple, Google and Nokia’s Ovi are probably the most recognizable names that use this technique. To use it effectively these companies need exclusive control of the geo-coding API on the smartphone and actively prevent services other than their own from using it. The amount of data that is stored will depend on how often you use any type of location service on your smartphone. Gradually, over time, this technique builds a highly effective geo-database of WiFi networks, cell tower information and GPS co-ordinates.
The issue with this “crowd sourcing” technique is that it is much less well known, and the service providers that use it to obtain raw geo-data and build a large geo-database would rather you were not aware that you are actively assisting them. If you were aware, you might want to question what this data is being used for and what the risk is of your privacy being violated.
Modern smartphones have become very powerful geo-coding devices capable of storing historical data based on the different signals the device has recorded when it is in use. Combine this with the availability of so many WiFi networks whose signals can be instantly geo-coded and smartphones have become the ideal geo-referencing medium which service providers of mapping applications are using to build and refine their central geo-database.
Currently, there are no rulings or good practice guidelines that instruct the service provider on what they are not allowed to do with this data, and this is one key reason why fears arise over the potential abuse of user location data. The privacy concern with this type of location service is: when does actual geo-data become private information? Companies that deploy crowd-sourcing will swear blind it is only ever used to improve the quality of their service, and not to generate user “profiles” which monitor an individual’s movements.
Once the application has obtained the location information from the smartphone platform API, that data is pushed to a server in the control of the service provider. You can be assured that the data is accompanied by a date and time stamp and will be referenced with some sort of user ID and stored for analysis at some later date. Does this overstep the imaginary line, or is this just good business practice to understand how customers are using the service?
User data is very different to user information. The data becomes information when it is manipulated to provide some new context on how the individual is behaving, which is effectively user profiling. When a company crosses this line without informing the individual concerned, we can say quite emphatically that the individual’s privacy has been violated. The issue is that we trust these companies not to go down this route, but in reality we are powerless to stop them. So is this in itself a necessary cause for concern that warrants the need for control? Unfortunately, the nature of the technology implies there is virtually no basis for control.
If we want to control the availability of user data then we have to identify with whom the responsibility resides to ensure there is no risk of our privacy being violated. Identifying who this might be is not straightforward, since it could be any of the following:
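The distinction between data and information in the two paragraphs above can be shown in code. The following is an added example written for this post, not code from the original article or from any provider's client or server. The upload record, its field names and the sample records are assumptions for illustration: each record carries only what the post says every upload carries (a fix, a timestamp, the WiFi networks heard, and a user ID). `recurring_places` shows how a server holding many such records turns them into information about a person merely by grouping on the ID, and `minimise` shows that dropping the persistent ID and coarsening the timestamp before upload leaves the records useful for building a WiFi geo-database while removing what made the profile possible.

```python
"""Location data versus location information.

Added example, not the post's code and not any service provider's real
upload format. Field names and all sample values are constructed.
"""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class UploadRecord:
    user_id: Optional[str]      # persistent per-user/device identifier (assumed)
    timestamp: str              # ISO-8601, UTC
    lat: float
    lon: float
    bssids: tuple[str, ...]     # WiFi networks heard at this fix


def build_record(user_id, when: datetime, lat, lon, bssids) -> UploadRecord:
    """The 'data': one crowd-sourced upload exactly as a client would send it."""
    stamp = when.astimezone(timezone.utc).isoformat()
    return UploadRecord(user_id, stamp, lat, lon, tuple(sorted(bssids)))


def coarse_cell(lat: float, lon: float, decimals: int = 3) -> tuple[float, float]:
    """Bucket a fix into roughly 100 m cells so repeat visits line up."""
    return (round(lat, decimals), round(lon, decimals))


def recurring_places(records, min_nights: int = 3) -> dict[str, tuple[float, float]]:
    """The 'information': per user ID, the cell reported most often between
    00:00 and 05:00 UTC on at least `min_nights` distinct nights.

    Nothing here needs data beyond the fields every upload already carries;
    the profile falls out of the persistent ID plus the timestamps.
    """
    nights: dict = defaultdict(lambda: defaultdict(set))
    for r in records:
        if r.user_id is None:
            continue                      # unlinkable record: cannot profile
        t = datetime.fromisoformat(r.timestamp)
        if 0 <= t.hour < 5:
            nights[r.user_id][coarse_cell(r.lat, r.lon)].add(t.date())
    profile = {}
    for uid, cells in nights.items():
        cell, dates = max(cells.items(), key=lambda kv: len(kv[1]))
        if len(dates) >= min_nights:
            profile[uid] = cell
    return profile


def minimise(record: UploadRecord) -> UploadRecord:
    """Data minimisation before upload.

    A WiFi geo-database only needs 'these BSSIDs were heard near here'. The
    persistent user ID is dropped and the timestamp is truncated to the hour,
    so successive uploads from one phone no longer join into a track while the
    BSSID-to-position mapping the provider says it wants is preserved.
    """
    t = datetime.fromisoformat(record.timestamp).replace(minute=0, second=0, microsecond=0)
    return UploadRecord(None, t.isoformat(), record.lat, record.lon, record.bssids)


def sample_records() -> list[UploadRecord]:
    """Constructed sample: one device seen at the same spot four nights running
    and at a second spot each midday. Coordinates are invented."""
    home = (51.5007, -0.1246)
    midday = (51.5155, -0.0922)
    recs = []
    for day in range(1, 5):
        recs.append(build_record("user-1234", datetime(2011, 4, day, 2, 30, tzinfo=timezone.utc),
                                 *home, ["00:11:22:33:44:01"]))
        recs.append(build_record("user-1234", datetime(2011, 4, day, 13, 0, tzinfo=timezone.utc),
                                 *midday, ["aa:bb:cc:dd:ee:01"]))
    return recs


if __name__ == "__main__":
    raw = sample_records()
    print("profile from raw uploads:", recurring_places(raw))
    print("profile from minimised uploads:", recurring_places([minimise(r) for r in raw]))
```

Run as a script it prints a night-time cell for `user-1234` from the raw uploads and an empty profile from the minimised ones. The records were never more than a timestamp, a position and a list of networks; what made them personal was the persistent identifier that let them be joined together.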
1. The service provider that delivers the location service (such as Google Maps or Nokia’s Ovi Maps)
2. A 3rd party supplier of the raw geo-data that is used by the application to enable positioning (such as Skyhook)
3. The application store that initially sold you the service (such as Ovi or Android Market)
4. The mobile network operator that provided the smartphone
5. The mobile device manufacturer (such as Apple, Motorola or Nokia)
6. The mobile software platform (such as Android, Apple iOS or Symbian)
7. The user who downloads the service and accepts the End User License Agreement
As we can see, the basis for identifying responsibility is extremely fragmented and exacerbated even further when you realise that each of these players will be governed or regulated differently according to the country in which they’re based.
Since comprehensive guarantees covering all parties are largely impossible, self-regulation is perhaps a good common-sense route forward to provide assurances at some level. The principal way in which self-regulation can help avert consumer mistrust is by major service providers taking the initiative and being entirely open about how user location data is used. The problem here is that no one firm is leading by example and being open about the way in which user data is managed. This is largely because, by being open, the company potentially exposes itself to unwanted scrutiny.
With no basis to protect user privacy through regulation, we instinctively look to the major service providers for assurances. The ultimate assurance would be more openness on their part about how this data is used and, specifically, guarantees that personal profiling is not carried out. However, rather than actually being more open, the service providers prefer to avoid explicitly talking about personal data and say instead that they have adopted a dogma that would never allow them to behave in an “evil” way.
With no real assurances from the major service providers, we therefore have to establish our own understanding of the risks. This means we need better awareness of the technology that enables these services, because this technology has quickly become standardised for most types of mobile phone. In a technology sense, privacy violation comes down to the use of a specific API on the smartphone which will listen for, then geo-code, received WiFi signals without the user knowing anything about it. Access to this API by a third-party service is regulated by the platform provider, so some element of user protection is already in place, but this does not always result in full privacy protection. Mobile location services are becoming increasingly widespread and sophisticated, so if location privacy is an issue for the future then better general awareness today of how location technology is being used is not such a bad thing, and will help users better understand the real risks of using mobile location services.