Privacy for Location Dependent Information

Authors:
Janet Cerniglia (Nokia) <janet.cerniglia@nokia.com>
Margareta Bjorksten (Nokia) <margareta.bjorksten@nokia.com>
Ora Lassila (Nokia) <ora.lassila@nokia.com>

Date: 06 November 2000

Status of this document:
This is a position paper for the Joint Workshop on Mobile Web Privacy WAP Forum & World Wide Web Consortium meeting in Munich, Germany on 6-7 December 2000.

The idea of location-based services for mobile devices has already attacted the interest of companies for several years, yet, the infrastrastructure has not been in place. However, with the FCC's mandate that requires cell phones to identify callers' locations to speed 911 emergency responses, this will ensure that the enabling infrastructure will be available by 2001. Those parties who have access to this information will be able to identify the exact location of an individual handset. Companies are already planning on ways to utilize this information for applications such as:

position-enhanced yellow page services
personalized weather and traffic advisories
restaurants and businesses advertisements and discounts
navigational aids

and many others that we may not have even conceived yet.

However, what is considered an asset for companies has become a growing concern to consumers. The internet will no longer be a "virtual" world and the fear of "Big Brother" becomes a reality. Consumers do not want to be tracked or have their activities recorded. Already today, people's contact information, credit card number, social security number and surfing habits can be bought relatively easily. Combined with location information, this information becomes even more sensitive. The Pew Research Center study has shown that an overwhelming majority of Internet users (84%) are concerned about businesses or people they don't know getting personal information about themselves or their families and 54% say they are "very concerned."

Nonetheless, the internet industry has not tackled privacy issues very seriously. There are many reasons for this. The primary reasons are that the technologies which create privacy threaths are still in their infancy and there is a general lack of understanding of privacy issues within the industry. This has resulted in privacy aspects not being considered in the design phase of new systems. Furthermore, the comercial incentives to protect users' privacy are small. Instead many companies have been driven by the promise of big profits related to the use and release of customer information.

However, praying aggressively on user information and ignoring privacy concerns may prove to offer a short term benefit. Companies, that have a reputation for privacy violations, will lose consumers', stakeholders' and regulators' trust, and will have a hard time rebuilding it. This could be detrimental to the long-term health of the whole industry.

Conclusion:

Privacy protection should be incorporated into the design of the system architecture at the beginning just as security mechanisms are. Furthermore, safeguards should be implemented to ensure that the tracking of individuals' movement are not recorded and stored without the consumer's consent. Consumers should always be able to control the use of information about them by being given the option to "opt in".

Janet Cerniglia 2000-11-06