The importance of keeping people's location private has been an issue for quite some time now. The crux of the matter is that location-tracking services rely on third parties, such as mobile telephone service providers, to track people's location, which makes them seem more intrusive than position-aware services. The fact that a third party is tracking their location makes people nervous. Or how would you feel if you thought your employer was tracking you, and not just your service provider?

When it comes to location tracking of mobile devices, users are most concerned about who collects and makes use of the information. We all know that our mobile devices have GPS, which pinpoints our location. We know that our operating system makes that information available to applications in a common language, and that the applications make that information useful to us, such as figuring out where we are or where we have to go, or getting a discount through location-aware advertising. But with a growing number of organizations involved in the process of making all this information useful, it becomes doubtful whether all of it can be kept safe and protected from abuse. To be more precise, the question comes up: “Who is responsible for respecting people’s privacy and ensuring that data captured is treated with respect, particularly location data?”

There are multiple agendas at play, given that hardware needs one thing, operating systems something else, and app developers something different again. On top of that, we have multiple platforms to think about, besides the fact that technology is changing fast: new apps are coming out on different platforms on a daily basis and we’re rapidly moving towards a location-aware world where everything around us is coming to life not just in front of our eyes, but on our devices too.

So what should, or can, be done?

Making use of location data touches upon delicate privacy issues, since it enables verifying someone's location without the person's consent. Strict ethics and security measures are strongly recommended for services that employ positioning, and the user should give informed, explicit consent to a service provider before positioning data from the user's mobile phone can be computed.

In Europe, where most countries have a constitutional guarantee on the secrecy of correspondence, location data obtained from mobile phone networks is usually given the same protection as communication itself. The United States, however, has no explicit constitutional guarantee on the privacy of telecommunications, so use of location data is limited by law. In Germany, even obviously criminal intent may not be inferred by such means, although it is technically possible. Officially, only authorities (like the police) can obtain permission to position phones in emergency cases, in contrast to the current U.S. laws that allow tracking suspects, and even accessing a mobile phone's internal microphone to eavesdrop on local conversations while the phone is switched off. By the way, this is a technology that China proposed to use to track commuting patterns of Beijing city residents.

Protect yourself

One implication of location-based services (LBS) is that data about a subscriber's location and historical movements should be owned and controlled by the network operators, including mobile carriers and mobile content providers. Besides a legal framework, several technical approaches to protecting privacy exist, using privacy-enhancing technologies (PETs). These range from basic on/off switches to sophisticated anonymization techniques, as offered e.g. by Google Latitude. Another set of techniques included in the PETs are the location obfuscation techniques, which slightly alter the location of the users in order to hide their real location while still being able to represent their position and receive services from their LBS provider.
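The location obfuscation idea above, as an added example that is not code from this article or from any LBS provider: two common ways to alter a fix on the device before it is sent, grid snapping and bounded random displacement. The function names, cell size and radius are assumptions chosen for illustration.

```python
import math
import random

EARTH_RADIUS_M = 6_371_000.0

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def snap_to_grid(lat, lon, cell_m):
    """Deterministic cloaking: report the centre of a cell about cell_m wide.
    Every device inside the same cell reports the same point."""
    dlat = math.degrees(cell_m / EARTH_RADIUS_M)
    c_lat = (math.floor(lat / dlat) + 0.5) * dlat
    # A degree of longitude shrinks with latitude; size it at the cell's row.
    dlon = dlat / max(math.cos(math.radians(c_lat)), 1e-6)
    return c_lat, (math.floor(lon / dlon) + 0.5) * dlon

def perturb(lat, lon, radius_m, rng):
    """Random displacement: a uniform point in a disc of radius_m around the fix."""
    r = radius_m * math.sqrt(rng.random())  # sqrt keeps area density uniform
    theta = rng.uniform(0.0, 2.0 * math.pi)
    dlat = math.degrees(r * math.cos(theta) / EARTH_RADIUS_M)
    dlon = math.degrees(r * math.sin(theta)
                        / (EARTH_RADIUS_M * math.cos(math.radians(lat))))
    return lat + dlat, lon + dlon

if __name__ == "__main__":
    true_fix = (1.3000, 103.8500)            # constructed sample coordinates
    rng = random.SystemRandom()              # unpredictable noise on a real device
    for label, point in (("grid 1 km", snap_to_grid(*true_fix, 1000)),
                         ("noise 500 m", perturb(*true_fix, 500, rng))):
        err = haversine_m(*true_fix, *point)
        print(f"{label}: reported {point[0]:.5f},{point[1]:.5f} (error {err:.0f} m)")
```

Grid snapping gives the same answer on every request, while independent random noise averages out if a stationary user is queried repeatedly, so a perturbed point should be cached per place rather than redrawn each time.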

The fact is that smartphones tend to go with their owners wherever they are, and they are increasingly becoming payment devices, too. But why should smartphone users make use of a trackable black box that makes them feel uncomfortable due to the security and location-tracking issues inherent in such transactions? To give the development of the mobile payment industry a push forward, we definitely have to find a good answer to that question.

Debates were sparked last year after monitoring software installed on millions of smartphones was discovered. In the US, this triggered the proposal that carriers and phone makers must inform consumers about the presence of monitoring software and gain their "express consent" before collecting and transmitting information from phones. Although all manufacturers say that this software is used only as a diagnostics tool to improve network and service performance, congressmen started denouncing its use and class-action lawsuits were filed, followed by draft legislation that would require disclosure of monitoring software when a consumer buys a mobile phone. This legislation would in addition prevent manufacturers from collecting and transmitting information unless consumer consent is obtained, and would outline security policies companies would have to follow when receiving personal information from smartphones.

While Apple and Google claim they’re doing what they can to respect user privacy on smartphones, legislation is planned to make sure that customers get protection from third-party app programmers as well, asking both companies to clarify their location-data collection methods. Representatives from each company explained then that their mobile devices are collecting data on nearby Wi-Fi access points and cell towers to transmit to a comprehensive location database, which improves the accuracy and speed of location-based services for customers. They added that the data is anonymized, meaning it cannot be tied to a customer’s personal identity. The only problem is that neither Apple nor Google has imposed a formal privacy policy on app developers, one that would require companies to disclose what customer information is being shared, with whom, and how, for each app. A number of third-party apps that collected and shared customer information unrelated to the services they provide have already been discovered.

A combination of appropriate technology, education and an opt-in process, making sure that companies get explicit consent from users in order to share their location data, is probably the best solution. On top of that, it can’t hurt to reconsider what level of privacy is actually needed and desired by users, don’t you think?

By Daniela La Marca