This page contains a Flash digital edition of a book.
PRIVACY MATTERS with Dr. Ann Cavoukian


CONCERNS M


MOBILE


Proliferation of smart phone devices has spawned newfound businesses related to location-based services, which in turn has brought individual privacy concerns into how data is collected, used and disclosed to the forefront


obile devices are becoming ubiqui- tous in our daily lives. People are now virtually glued to them — carrying them practically everywhere they travel. Increasingly, we expect our smart mo- bile devices to perform a multiplicity of tasks, as well as offer us services ranging from interactive maps and navigation aids to social media applications. These serv- ices are operated via sophisticated geo-lo- cation software, some of which use Wi-Fi positioning systems that rely on wireless access points for location coordinates. With the explosion of location-based services, the initial information architec- tures that were developed to ensure the smooth functioning of computer networks and connectivity are now being used in previously unforeseen ways that have an enormous impact on privacy. Location ag- gregators have invested significant re- sources to develop a comprehensive Wi-Fi Positioning System (WPS) — databases that contain the geo-location of Wi-Fi ac- cess points in urban areas. The use of such databases has been commercialized by providing access to third parties interested in location-based applications and adver- tising. Intense public scrutiny has recently been brought to bear on the capability of such mobile systems to track individual users, without their knowledge or consent. As a result of the evolution in how the mobile infrastructure is used, individuals who carry mobile devices (seemingly everyone) have become both data sub- jects and, inadvertently, data collectors, helping location aggregators to update their WPS location databases with freshly and continuously observed Media Access Control (MAC) addresses of not only their own, but also others’ nearby devices.


12 SECURITY MATTERS • FALL 2011


and operation of information technologies, business practices and networked infra- structure, right from the outset is a reliable, cost-effective approach to delivering both privacy and functionality.


Ultimately, in their role as ‘unknowing informants,’ people who use mobile de- vices may reveal information, such as their own workplace location, conference atten- dance and business client locations, as well as similar information about other people’s mobile device users around them. Within the mobile space, information privacy is predicated on providing mobile device users with personal control re- garding how their personal information is collected, used and disclosed, alongside openness and transparency on the part of the provider.


Current practices raise a


host of potential privacy concerns, ranging from a lack of knowledge or consent on the part of the mobile device user re- garding the use of their unique identifier, the possibility of unauthorized disclosure of information to third parties, and poten- tial secondary uses of the information. And yet, in my view, privacy need not become a casualty of the large and growing mobile industry.


many other sectors has demonstrated that embedding privacy directly into the design


This theme is explored in a paper I re- cently released with identity architect, Kim Cameron, entitled, “Wi-Fi Positioning Systems: Beware of Unintended Conse- quences.” In it, we argue that it is essen- tial that potential unintended uses form part of the privacy threat/risk assessment of new technologies at the outset, and that privacy must be built into protocols for location-based technologies. For ex- ample, in no case should the MAC ad- dress of an individual’s mobile device be collected or recorded without the indi- vidual’s consent.


Location-based applications are still in their early stages of development. It is critical that we engage in creative thinking about how to embed (from the outset) privacy di- rectly into the system architecture. Failure to do so will ultimately result in damage to busi- ness reputations, product brands and serv- ices and, of course, individual privacy. This is the classic lose-lose scenario.


It is my sincere hope that public concern about the privacy implications of mobile technologies will serve as a wake-up call for the mobile sector to address privacy proac- tively — putting control squarely in the hands of the users, where it belongs.


Dr


. Ann Cavoukian, Ontario’s Information and Privacy Commissioner


, is recognized Experience in


as one of the leading privacy experts in the world and the


originator of the concept of Privacy by Design (www.privacydesign.ca).


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40