By Dr. Ann Cavoukian
Okay, I admit it – I would be lost without my smartphone!
Many of us are increasingly reliant on our mobile devices and the multitude of services they provide, such as interactive maps, navigation aids, contact information and social media applications.
Mobile devices run on information architectures that were initially designed to make sure that computer networks could function smoothly. But more and more, popular location-based services are using these architectures in previously unforeseen ways, and this is having a big impact on privacy. Here’s how.
Unintentionally, and often unknowingly, mobile users have become both data subjects and data collectors, helping location aggregators to update their Wi-Fi Positioning System (WPS) databases with the freshly and continuously observed SSID (the public name of a wireless network) and Media Access Control (MAC) addresses of their own and other nearby devices.
Users are inadvertently turning into ‘unknowing informants,’ as they may reveal their workplace location, conference attendance, and business client locations, along with similar information about others around them. This could impact members of their family, friends and colleagues.
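To make concrete what a device contributes in the scenario above, here is an added Python example; it is not code from the column or from any vendor's collector. It constructs a sample Wi-Fi scan, shows the fields a naive crowdsourced WPS report would carry, and then applies a Privacy-by-Design filter before anything leaves the device: honouring an opt-out SSID suffix (the `_nomap` convention, assumed here), skipping locally administered MACs (typical of phone hotspots and randomized addresses), dropping weak, distant networks as a data-minimization choice, replacing the raw MAC with a keyed token, and coarsening the reporter's own coordinates. The thresholds, key handling and sample values are assumptions for illustration.

```python
"""Added example (not from the original column): what a mobile device
uploads to a Wi-Fi Positioning System, before and after a
Privacy-by-Design filter. Sample scan results are constructed."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    ssid: str   # public network name
    mac: str    # BSSID, colon-separated hex
    rssi: int   # signal strength in dBm


# Constructed sample scan, as a phone might see it at a conference venue.
SAMPLE_SCAN = [
    AccessPoint("ConferenceWiFi", "00:1a:2b:3c:4d:5e", -48),
    AccessPoint("AcmeCorp-Guest_nomap", "00:1a:2b:3c:4d:5f", -60),  # operator opted out
    AccessPoint("Alice's iPhone", "02:33:44:55:66:77", -70),        # phone hotspot
    AccessPoint("HomeRouter-7F2A", "c4:12:f5:aa:bb:cc", -82),       # distant home network
]

OPT_OUT_SUFFIX = "_nomap"   # opt-out convention assumed for this example


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet marks a locally administered (often
    randomized or hotspot) address; such devices move with a person."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def naive_report(scan, lat: float, lon: float):
    """What an unmodified collector uploads: every name, every MAC,
    verbatim, stamped with the reporter's precise position."""
    return [
        {"ssid": ap.ssid, "mac": ap.mac, "rssi": ap.rssi, "lat": lat, "lon": lon}
        for ap in scan
    ]


def privacy_by_design_report(scan, lat: float, lon: float, key: bytes,
                             min_rssi: int = -75, decimals: int = 3):
    """Same scan, minimized before upload. Assumed design choices:
    respect opt-out, skip person-carried devices, keep only nearby fixed
    networks, never send the SSID (positioning needs only the BSSID),
    tokenize the MAC with a device-side key, and coarsen coordinates."""
    report = []
    for ap in scan:
        if ap.ssid.endswith(OPT_OUT_SUFFIX):
            continue
        if is_locally_administered(ap.mac):
            continue
        if ap.rssi < min_rssi:
            continue
        token = hmac.new(key, ap.mac.lower().encode(), hashlib.sha256).hexdigest()[:16]
        report.append({
            "mac_token": token,
            "rssi": ap.rssi,
            "lat": round(lat, decimals),
            "lon": round(lon, decimals),
        })
    return report


if __name__ == "__main__":
    demo_key = b"example-device-key-rotated-per-epoch"  # constructed
    print("naive:", naive_report(SAMPLE_SCAN, 43.653212, -79.383184))
    print("pbd:  ", privacy_by_design_report(SAMPLE_SCAN, 43.653212, -79.383184, demo_key))
```

Under one key the token is still a stable pseudonym for that access point, which is what positioning needs; the design point is that the SSID, the raw MAC and the reporter's exact position never leave the device, and rotating the key per epoch bounds how long any one token can be linked across reports.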
Not only is this somewhat alarming, it is simply unacceptable. Privacy doesn’t have to become a casualty of the fast-growing mobile industry. By applying Privacy by Design – the approach of embedding privacy directly into the design and operation of information technologies, business practices, and networked infrastructure, right from the outset – the mobile sector can deliver both privacy and functionality.
Users of mobile devices must be able to control how their personal information is collected, used, and disclosed; providers must manage their customers’ personal information in open and transparent ways.
Current practices aren’t in sync with these principles, raising the spectre of unique identifiers being used without consumer knowledge or consent, potential unauthorized disclosure to third parties, and in turn, potential secondary uses of personal information.
These issues are explored in our recent paper, Wi-Fi Positioning Systems: Beware of Unintended Consequences. We argue strongly that potential unintended uses of mobile systems must form part of the privacy threat/risk assessment, right from the outset, and that privacy must be built directly into protocols for location-based technologies.
The mobile industry is young, with location-based applications in their infancy.
This is why it is vital that we engage in creative thinking now about how to embed privacy into the system architecture. If we don’t, our privacy could be at risk, along with business reputations, product brands and services. This is the classic lose-lose scenario.
In contrast, the Privacy by Design approach offers the opportunity to engage these new technologies in a win-win strategy, supporting full functionality while preserving individual privacy as a core requirement of the system. Device manufacturers, OS/platform developers, network providers, application developers/data processors, and users all have an important role to play.
I urge them to embrace Privacy by Design, address privacy proactively, and put control squarely in the hands of the user, where it belongs.