• United States



Contributing writer

Every move you make…

Oct 18, 20136 mins
Application SecurityCar TechData and Information Security

Geolocation technology is convenient for you and your friends — and for those who aren't your friends

A few decades ago, it was a familiar public service announcement on American television: “It’s 10 p.m. Do you know where your children are?”

Today, thanks to geolocation, the more appropriate question, at any hour of the day or night, is: “Do you know how many people know where your children are?”

The most likely answer is somewhere between dozens and thousands, or even millions. And that applies to adults as well. While most of the news over the past several months has been about how the National Security Agency (NSA) is stealing our privacy, the reality is that private companies, our own personal digital devices and favorite networking sites are stealing it as well — or, more accurately, we are giving it up voluntarily.

Yes, there are regular warnings about the reach of the Internet: Don’t post pictures or comments for your family or friends that could come back to embarrass or haunt you in your professional life. Don’t announce that you’re leaving on vacation, or post pictures from somewhere far away and therefore advertise that your home or apartment will be vacant for days or weeks.

[Mobile shopping remains stifled by security ease of use]

But privacy experts say even if people take those precautions, the use of GPS-enabled smartphone apps, social and professional network sites and even renting a car can help companies, governments or thieves and other criminals build a “digital dossier” that paints a detailed profile of a person’s entire professional and personal life.

Ben Edelman, an associate professor at the Harvard Business School and an expert on spyware and privacy, puts it in personal terms. ” I might hesitate to tell a car rental company why I’m renting a car, what hotels I prefer to stay at, where I work, and what I like to eat,” he said. “But with geolocation they’ll know all that. They could provide that data to their insurance company, or to whatever advertisers care to buy it. Mobile phone providers and app providers can get similar data, but over an even longer period.”

Robert Siciliano, CEO of IDTheftSecurity, noted recently on the McAfee blog that apps like, “Foursquare, Facebook and Yelp allow you to check in’ at places using your mobile phone, and then share your location with friends or on social networks…It can actually be a nifty tool…like when you are trying to find directions to a place: the map begins your directions where you are, since it knows your location. Some businesses even provide discounts or freebies as a reward for checking in.”

But, the downside is that if your friends know where you are, so do people who are not your friends.

ISACA, formerly known as the Information Systems Audit and Control Association, has warned that while geolocation makes numerous new business models possible, it also introduces unprecedented new risks.

[Risk consideratins: Tracking services monitor your every move]

Ernst & Young partner Marios Damianides, a past ISACA international president, told USAToday that, “when a user’s gender, race, occupation and financial history are combined with geolocation tags, the data can be used by criminals to identify an individual’s present or future location. This raises the potential of threats ranging from burglary and theft to stalking and kidnapping.”

Rebecca Herold, CEO of The Privacy Professor, said of the four aspects of privacy – information, bodily, territorial and communications – geolocation directly affects bodily and territorial. It can let “large numbers of unknown others to know where you are and then subsequently find you and inflict bodily harm of some type. Territorial privacy is a current growing concern because of how others are tracking movements,” she said.

Indeed, even if vendors are not out to rob you, they may end up knowing much more about you than you might like.

Anita Ramasastry, wrote in FindLaw a number of years ago about a car rental company in Connecticut that tracked its customers’ speed using GPS, and if they drove 79 miles per hour or faster for two minutes, would charge them an extra $150 for “excessive wear and tear.”

The Connecticut Supreme Court threw out the policy for a number of reasons, including that the penalty was vastly more than the actual expense and was unevenly applied. But the court said nothing about the legality of the company collecting and storing that information.

That is because, as usual, the law has not kept not kept up with the march of technology. Sens. Al Franken (D-Minn.) and Richard Blumenthal (D-Conn.) filed a bill in 2011 and again in 2012 called the Location Privacy Protection Act that would have limited the collection and disclosure of geolocation information from electronic devices without the consent of the user. But it never made it to the Senate floor for a vote. A Franken aide said he intends to re-file the bill, but there is no specified timetable for it.

[The ‘autonomous,’ hackable car]

That, said Edelman, leaves consumers with a, “lack of meaningful remedies when their privacy is violated. If a company promises me that its widgets will have feature X, I can usually sue the company if that feature isn’t present or doesn’t work properly, and they’ll have to pay me damages.

“But when the company falls short in the realm of privacy – collecting more data than it was supposed to, or using or redistributing data in ways it promised it would not – courts have largely refused to impose damages,” he said.

That, experts say, means that until the law does catch up with the technology, it is up to users to protect themselves.

ISACA recommends five practices under the acronym ROUTE:

  • Read mobile app agreements to see what information you are sharing
  • Only enable geolocation when the benefits outweigh the risks
  • Understand that others can track your current and past locations
  • Think before posting tagged photos to social-media sites
  • Embrace the technology, and educate yourself and others.

Herold said it takes more than that, since simply disabling location services usually leaves RFID tags and the GPS transmitter still active. “I’m finding more and more tech savvy folks completely shutting off their smartphones to disable the services,” she said. “But in some of the newest smartphones, even complete shutdown does not result in the geolocation transmitter being shut down also.”

[Future malware could harm bytes, bone, and brain]

She recommends using, “anonymization and incognito tools whenever your actions, or use of apps, do not have a valid need for location information.”

Finally, Herold said users should demand the following from location-sharing apps: