Wednesday, December 29, 2010

In response to G.

| Oops, my replay was too long for a comment, so it gets its own post.

G'day G,

You are quite correct that the mobile phone networks already have a wealth of this kind of data available to them.

I am not exactly sure why it hasn't proved such a problem but I think it is partly because they are not at liberty to sell the information at will, they are easily subject to regulation (being rather large and few in number) and they have never been in a position to convince the consumer that it is in the consumers' interests to let the telcos commercially exploit the information. I am also reasonably sure that law enforcement officials don't have carte blanche access to the data, although I don't claim to understand this area very well.

WiFi data is a little different because it is, by its nature in the public domain and there is not necessarily any direct contract in place between the consumer and harvester of the consumer's location data. There will no doubt be indirect relationships at some point, but it may be via chain of third parties.

With the advent of technologies like Four Square, consumers can now see direct benefits for themselves in location based services and are willingly using them for the direct benefits they derive from those services. Platform providers, such as Google, have taken advantage of this and implemented relatively open APIs because if they didn't, their competitors would.

One can hope that ethics will prevent Google taking the next step to client-level tracking APIs but such hopes have been misplaced in the past (e.g. w.r.t. FaceBooks continually slipping privacy standards).

I was quite frankly surprised how easy it was to reverse engineer my location from my access point's MAC address. It's not such a big deal when the MAC address is fixed because at the end of the day, so is my home address.

It starts to become a very big deal when my MAC address starts following me about since everyone from my nearest and dearest to complete strangers could use that information to reverse engineer my travels simply by firing up a WiFi device in my vicinity at some point in time and then getting access to the relevant database.

With regard to your second point, the problem is that if you use WiFi you can't prevent your MAC address leaking to any co-located WiFi device - even those that you are not communicating with. If you communicate, your MAC address will be exposed to anyone pre-disposed to collect it. If commercial entities start paying people to collect this information, it will be collected. Other people will be paid to correlate MAC addresses with your identity and then the picture is complete.

Now, I guess one defence against this might be pervasive deployment of MAC address randomisers on mobile WiFi devices. Geeks with a sufficiently open platform can do this for themselves. The average iPhone user won't be able to protect themselves like that unless the Government tells Apple they have to enable it.



Post a Comment

<< Home