By Andrew J. Blumberg and Peter Eckersley,
Over the next decade, systems which create and store digital records of people's movements through public space will be woven inextricably into the
fabric of everyday life. We are already starting to see such systems now, and there will be many more in the near future.
Here are some examples you might already have used or read about:
* Monthly transit swipe-cards
* Electronic tolling devices (FastTrak, EZpass, congestion pricing)
* Services telling you when your friends are nearby
* Searches on your PDA for services and businesses near your current location
* Free Wi-Fi with ads for businesses near the network access point you're using
* Electronic swipe cards for doors
* Parking meters you can call to add money to, and which send you a text message when your time is running out
These systems are marvellously innovative, and they promise benefits ranging from increased convenience to transformative new kinds of social
interaction. Unfortunately, these systems pose a dramatic threat to locational privacy.
Unfortunately, these systems pose a dramatic threat to locational privacy.
What is "locational privacy"?
Locational privacy (also known as "location privacy") is the ability of an individual to move in public space with the expectation that under normal
circumstances their location will not be systematically and secretly recorded for later use. The systems discusssed above have the potential to strip
away locational privacy from individuals, making it possible for others to ask (and answer) the following sorts of questions by consulting the
* Did you go to an anti-war rally on Tuesday?
* A small meeting to plan the rally the week before?
* At the house of one "Bob Jackson"?
* Did you walk into an abortion clinic?
* Did you see an AIDS counselor?
* Have you been checking into a motel at lunchtimes?
* Why was your secretary with you?
* Did you skip lunch to pitch a new invention to a VC? Which one?
* Were you the person who anonymously tipped off safety regulators about the rusty machines?
* Did you and your VP for sales meet with ACME Ltd on Monday?
* Which church do you attend? Which mosque? Which gay bars?
* Who is my ex-girlfriend going to dinner with?
Of course, when you leave your home you sacrifice some privacy. Someone might see you enter the clinic on Market Street, or notice that you and your
secretary left the Hilton Gardens Inn together. Furthermore, in the world of ten years ago, all of this information could be obtained by people who
didn't like you or didn't trust you.
But obtaining this information used to be expensive. Your enemies could hire a guy in a trenchcoatto follow you around,but they had to pay him.
Moreover, it was hard to keep the surveillance secret — you had a good chance of noticing your tail ducking into an alley.
In the world of today and tomorrow, this information is quietly collected by ubiquitous devices and applications, and available for analysis to many
parties who can query, buy or subpeona it. Or pay a hacker to steal a copy of everyone's location history.
It is this transformation to a regime in which information about your location is collected pervasively, silently, and cheaply that we're worried