Comment by codedokode

8 years ago

So basically either give up your right for privacy or don't use any new technology? That doesn't look practical. A better idea would be to ban cell carriers (and anyone else) from using location data for anything except explicitly permitted by law, like help in emergencies or conducting investigations.

What would be most effective would be a pair of rules in tandem:

1. Allow the location data to be utilized by the cellular carrier only for legitimate engineering purposes relevant to the delivery of the cellular services. (The network needs to know your location in real time in order to route calls to you.) Also, allow the use of real time location data for emergency services in response to an emergency call. Potentially also allow the use of emergency services initiated real time locations, with a non-suppressible UI required to be presented to the user if this is performed.

2. Require that the cellular service providers purge / NOT retain this location data for any longer than is literally required to provide proper service.

The data retention policy #2 item here is essential in preventing temptation to come up with end-runs for the first rule. It's important that historic data that has no legitimate use under rule #1 not be preserved so that there isn't a mound of accumulating data of theoretically increasing value if only we could change / get rid of rule #1. That sort of thing will create ever mounting incentive to repeal / replace rule #1.

  • > The network needs to know your location in real time in order to route calls to you.

    At least for GSM, that isn't as true as you say it. It only needs to know in which group of cells you are, as re-registering with each cell change was deemed too heavy on the battery, and they rather page for your phone in the entire location area.

    Likewise, triangulation requires the phone to send something, which means that you can notice that, and also that continuous triangulation will drain your battery.

    (Which brings up the question of how often and how smartly google sends updates for the traffic density map.)

For communications technology: yes, that seems to be the norm.

Don't like the rules of the road, don't drive.

Don't like that your data goes over a third-party's network to get to its destination, don't put your data on a third-party's network.

Bans "by law" only work until the people making the law become people interested in your location and they change the law.

  • Doctors for example are not allowed to tell everyone about your health problems. I don't see why the same rules cannot work for telecoms.

So basically either give up your right for privacy or don't use any new technology?

I think this is probably correct.

The problem with the ban you suggest is that it will degrade service in many instances. Some level of location tracking is necessary for all cellular phones to make a smooth handoff between towers or for example to load balance connectivity between different towers.

In the end the more personalized the service you want to have, the more "invasive." Opt in is probably the best total solution, however it quickly becomes an education game if you want it to be effective, and most people don't have the time or technical understanding to put up with a dozen different opt ins.

  • Uh, not really. They can still utilize location data to make smooth handoffs and the other services you mention without bending us over and fucking us with a rusty chainsaw.

    They do not need to sell location data to other parties in any way, shape, or form.

A better idea would be to ban cell carriers (and anyone else) from using location data for anything except explicitly permitted by law, like help in emergencies or conducting investigations.

That doesn't do anything to protect your data from being accessed by the State, which is actually the bigger problem.

  • If it does great harm for the state to have this data, and also great harm for the cell carriers to have this data...

    Why thwart one great harm yet happily tolerate the other?

    • Does it cause "great harm" for private businesses to have access to this? I'm not sure. After all, there is a qualitative difference between the State, which employs men with guns and arrogates to itself the right to use force to impose its will on people, the right to jail people, etc.

      If Starbucks knows my location, they can send me a coupon if I enter a Dunkin' Donuts store. If the State knows my location they can falsely accuse me of a murder that I just happened to be near the location of and - if I'm unlucky or have a bad lawyer - execute me for it.

      That's not, of course, to say that there aren't some cases where a private business having access to my location could have a deleterious effect. But here's the rub: if you rely on regulation to prevent those cases, you're right back to needing to trust the State, which is - IMO - a foolish proposition.


  • Whataboutism. Yes, there is a bigger problem. No, that should not prevent us from solving the smaller problem first. With regard to the bigger problem, we build checks and balances in the legal system.

  • That doesn't mean banning corporations from exploiting your location is a bad idea, even if it's not the optimal privacy-enabling solution.

    • I don't think we want an outright ban. I certainly have the right to allow a corporation to access my location if I choose to. There may be cases where an individual would judge it in their interest to allow a corporation to have such access.

      The problem with the current setup is that we don't know who's gaining access, when they're gaining it, what they're doing with it, etc. Once the cell carriers have it, there's no easy way of knowing who they are selling the data to, and who that entity sells it to in turn, and so on.

      Sadly, I don't see a good way to resolve this at the moment. If you use a cell-phone the carrier can always get your (at least approximate) location through triangulation. And regulation only makes sense if you trust the State, and I would like to think we've all learned better than to do that by now. So what do we do?

Define me the following then about the metadata:

Who does your cell phone's location belong to?

Who does the tower's connection data belong to?

Who does the multitude of tower signal strengths belong to?

Who does the user's cell phone data belong to if allowing multiple apps to use it?

Answer: User's location data belongs: to the user, 3rd party apps they have allowed, and terrestrial cell companies that run towers with the appropriate frequencies for your phone.

The technology isn't the right area to change it. In the end, you're doing stupid stuff with encryption and still emitting point-source radiation that can and will be triangulated.

The best option would be to require the data be properly anonymized before being stored, used, or sold. That way the companies can still sell it for profit, the buyers can still gain useful insights from the data, and the user's location is not available to anyone with enough money.

I'm not sure how possible it is to anonymize that kind of data in a way that prevents it from being deanonymized, or how useful the anonymized data would be to the buyers, but this seems like a better solution than a blanket ban to me.