Real-Time Privacy


There’s some significant buzz about Google’s new Latitude service, and not all of it good. Personally, I think real-time location services have a lot of potential. But my concerns go way beyond these privacy groups, and what happens if a specific person tracks me without my permission — people can already do that quasi-legally, though it isn’t anywhere close to free.

First, one of the good tidbits is that they claim the service will be coming to iPhone soon — that’s great if it means iPhone background services (IBS?) should be on the way. I mean, location service apps aren’t really useful if my location stops broadcasting when the app closes, changes, or the phone goes to sleep. I would think they’d want to periodically wake up the phone, so as not to waste my battery completely. There’s some speculation that Apple will abandon its Push technology push and move background apps off the back burner, but perhaps only for a blessed few, of which I’d normally expect Google to be one.

Of course, the other way Google can do this is if it has a hard-to-get deal with AT&T. If it had that, it wouldn’t need any software on the phone, just my phone number and a way to time packets from specific cell towers near me. Seems unlikely, as AT&T could just do that itself, if it wanted.

Anyway, here’s the main concern that even the privacy groups fail to grok. If my location history is stored for 1 week or 18-24 months, or if someone, say a government agency, has "physical" access to the raw packets Google uses to send my location around, then what we have is a way for the government to track its citizens, whether or not we invite it as a friend.

That’s probably a risk in any event, if you’re the subject of a warrant. There have been cases of GPS devices being placed on cars of suspected criminals. My concern is not with that, since it’s court ordered and theoretically for the best. My concern is with methods that catch everyone else in their net, like the unwarranted wiretapping scandal from the last administration that never quite got resolved. I just don’t see how Google or anyone could prevent mass spying on people via this kind of service, even with encryption and obfuscation — if AT&T is letting the NSA scoop everything, then that includes my location updates. And if Google stores anything, it’s subject to seizure without notifying you, just like your search histories (the seizure of which Google publicly defied — but I didn’t hear if it really won in the end…).

I do see a way out of this mess, legal and political. The key thing Google (or anyone doing this sort of thing) should do IMO is set up its terms of service such that the information it’s collecting is considered private (owned) property of the person being tracked. It can carve out whatever exemptions and waivers it needs to not get sued — I don’t care. But we need to establish that any information I create, whether directly or indirectly, is owned by me, as much as any artwork, or even this blog post (which automatically gets full copyright protection the instant I create it). Google can broker it for me, make money on it for me, taking a cut. But it’s real property, the loss of which does actual harm.

Government can of course still seize our property, but there’s a much higher bar. Google has a tremendous opportunity to help set precedent through a simple terms of service change. This is the same ToS change that Second Life made, and it’s arguably one of the most important things they ever did for their business.

But I doubt Google will follow suit. The main points of services like this are to obtain data and then only insofar as it helps make money (making money is not evil, in and of itself). Google may agree to never divulge your current location without your permission, at least to the extent it can help it, as above. But did it agree never to tell advertisers which of their ads resulted in more people going into their physical stores? Because if it can determine which ads are more effective or resulted in real, almost, or likely sales, it can charge and make more money for each ad shown, which is their bread and butter, after all.

Connecting a specific person to a specific sale might be even more lucrative, but that would more clearly count as "divulging your location" in my book at least. And it wouldn’t strictly require your real-time location if the ad view and credit card transaction can be connected by your name, for example.

More likely is that the [now-cliche] "Starbucks coupon" scenario may appear at some point — by tracking your location, you may someday agree to see ads or inducements targeted to your location, such that your view-to-purchase cycles can more anonymously be aggregated into more significant cash flow, all via your phone.

The bottom line of all of these philosophical wanderings is that for a real-time-location feature to be successful, for people to (currently) trade personal privacy for some great benefit, that benefit must be pretty strong. I guess Google will find out shortly just how strong in the next year or so.

Hey, if I had all the answers, I wouldn’t need to work for a living.

 

  1. #1 by Ira on February 7, 2009 - 9:26 pm

    We each leave dozens of computer records of our locations and activities every day as we use our cellphones, credit cards and Internet connections. Google’s Latitude takes this tech trend to the next level so family and friends can opt-in and track each other.

    It is legal for the government, with a warrant, to seize business records with personal info, and even make it public. (for example clients of Bernie Madoff, including one in my community and a bunch named “Ira”.) More troubling is when NSA computers do network analysis and listen in on phone calls and internet traffic and “gist” for words and phrases that might indicate criminal or terrorist planning. As the bad guys go high-tech I guess the good guys have to follow suit.

    Beyond that, I agree with you we each have an ownership interest in data that identifies us personally. We should be given an opportunity to opt-in and get a cut of the fees companies charge for it. Also, if any organization or person pays a fee to access our daily path and activities, we should get a free alert with *their* name and location.
