Joint Workshop on Mobile Web
Privacy
WAP Forum & World Wide Web
Consortium
7-8 December 2000
Munich, Germany
Motorola Position
Paper
Garland Phillips (Garland.Phillips@motorola.com)
& Bill Macko (Bill.Macko@motorola.com)
Motorola Personal Networks Group
Introduction
Wireless devices, such as Mobile phones and PDAs, are increasingly
Internet enabled. This enables a wealth of new services, but also raises some
issues. The protection of user privacy is one of them.
Motorola wants to help the industry reach a privacy solution for these wireless devices. We suggest that wireless specific
issues should be considered so that the wireless solution can be part of the
overall global Internet privacy solution.
Mobile
Services
We want to enable personal services on wireless devices while still
allowing the protection of the privacy of the user.
Types of mobile services:
- location based information services
- Pull - "I am here, where is x?"
- Push - "beer tent ahead on left"
- mobile commerce
- web browsing
Goal is to enable these types of services without giving away
control of Privacy.
Expectations for
Workshop
- Raise the awareness of issues and limitations specific to mobile
devices
- Explore possible solutions for mobile privacy.
- Begin to map out scenarios and requirements for wireless
privacy
- Goal to include a wireless privacy solution within a standard
global Internet privacy mechanism
- and personally, to gain a better understanding of what we
have today (P3P).
Privacy Issues Specific to Mobile Web
Devices
- wireless device location can be determined
- user could be tracked
- user's location could be exposed
- may even be required by law enforcement
- users may roam between wireless carriers and thus connect through
foreign systems
- will privacy be protected by foreign network?
- user's phone number may be available
- device may have a fixed IP address which could be exposed
- device may have a client ID which could be exposed
- multiple users may share a device (different profiles?)
- push services are expected to be deployed
- does this present new issues?
- wireless network elements have access to private information
- proxy, location server, WAP gateway, etc.
- network may act as storage of private information (bookmarks, etc)
on behalf of mobile device
Limitations of Mobile
Devices
A privacy mechanism for wireless devices should consider that wireless
devices typically have the following limitations:
- limited CPU capability
- limited memory and storage space
- limited connection bandwidth
- high roundtrip request/response latency
- small display (tough to display privacy
information)
- better to be "opt in" rather than "opt out" because of display
size
- device may have intermittent connectivity
- communications may be expensive
- billing may be by the byte
These properties will constrain the solution space. The
privacy mechanism chosen should be bandwidth efficient and not require the
exchange of a lot of messages to accomplish. Wireless bandwidth tends to be
expensive and multiple messages raise the latency thus negatively affecting the
user experience.
Suggestions
- Ideally, the owner of the wireless device should be given complete
control of his/her personal information.
- Consider location for example, the
owner of a wireless device should be allowed to control the disclosure of
the device’s location. He/she should also be able to control the
granularity or randomness of his/her position that is provided to outside
parties.
- A wireless carrier/proxy may have access to private information.
- The owner should be in control of when and how that information is
disclosed.
- The privacy mechanism should require minimal storage in the wireless
device.
- The privacy mechanism should require minimal CPU power from the
wireless device.
- The privacy mechanism should consume little OTA communication
bandwidth.
- The privacy mechanism should not be verbose OTA.
- The privacy mechanism should not require a lot of OTA messaging
(increases expense and latency)
Thank You