Mapping and privacy: Interview with Privacy International's Gus Hosein

14 December 2011's writer, Sonia Randhawa, spoke with senior fellow at Privacy International Gus Hosein about how mobile devices and their ability to map our movements are intruding on personal privacy and individual autonomy.

Sonia Randhawa (SR): There have been privacy concerns over the mapping technology of various mobile devices, and I have seen that Privacy International has released various publications on the use of smartphones. Could you explain some of the issues here?

Gus Hosein (GH): Smartphones just provide the interface for location tracking. Even with traditional mobile telephony, it has always been possible for your service providers, such as your telecommunications company (telco), to keep track of your mobile phone, because it is necessary for service provision. Once this information was being recorded, governments introduced laws to make it mandatory for the telcos to gather and to retain this information.

Smartphones have just introduced a new interface, so it is no longer only the mobile phone company that can collect information about your location, but third parties like Facebook, Google and Foursquare have introduced services that allow them to collect this information. On top of that, it has been discovered by researchers that the mobile phone itself is collecting location data and can divulge where you've been over an extended period of time. That has been discovered particularly on devices that run on an Apple iOS (a proprietary operating system used in iPads, iPhones, etc).

SR: What are the implications of this?

GH: Well, it was freaky enough just when your mobile phone company was collecting this information. I don't think people understood that for as long as you've owned a mobile phone, your telco has been collecting information about where you've used it - and where you haven't used it actually, as they are constantly tracking where it is you are. There was a quotation recently that said a mobile phone is merely a tracking device that allows you to communicate occasionally.

Now that this capability has expanded to the level of the Googles, the Apples and the service providers like Facebook, this means your location data is accessible by more and more people. So previously, when it was just your telco, only your telephone company had access to this information, and law enforcement when they demanded this information from telephone providers, and also the occasional corrupt telephone company employee.

Now you've increased the surface area of the attack to anyone who works at Google, anybody who works for Facebook, anybody who is capable of hacking your account - and now with the Apple problem, it means that anyone who has access to your phone can know where you've been. So once you know where somebody has been over the last year or two years, you know everything that they've done.

It also increases the number of people who have access to this kind of information without your knowledge. And some of the more malicious kinds of applications that you can install on a cellphone allow for somebody to essentially install that application onto your phone and then they can track you and you would not know that they are tracking you every minute of every day.

SR: Are there commercial reasons why they're installing these applications?

GH: There are two commercial reasons why they're installing these applications. The first is aren't we all trying to be more like Facebook? Aren't we all trying to share more information? Isn't it a good thing that we're sharing information? So that's the first commercial motivation.

The second commercial motivation is a little more sinister. Look, don't you want to know where your employees are? Don't you want to know where your kids are? Because, look, it's for their own safety. And, lo and behold, someone buys the application to find out where their partner is, or where their colleagues are, where their friends are, where their exes are. And of course all these companies hold up their hands and say 'we have nothing to do with the way the technology is eventually used, all we did was design it'.

But for what it's worth, the more responsible companies are getting a little bit better at this. I'm not about to endorse any of these companies, but I think the way that Google and Microsoft and even, I think, Apple recently have implemented location tracking is done in such a way that you have to constantly reaffirm that you are okay with being tracked by somebody. So say for a moment I let you know where I am, and because we're visiting the same town we keep on communicating where we are, but I could say tomorrow I don't want this any more. The phone will now remind me that you are tracking me, whereas in the first generation of this software I could quietly get access to your phone, install the software and it would never notify you that you were being tracked by me.

Google has also introduced an interesting innovation after they had some problems. They started to let people lie about where they actually are and that's very useful, particularly for kids. So if they're taking the day off school, they can lie to the system and say that they're at school, so their parents think they are, but they're not; that's actually very good design, I think.

But any of these services, however well designed, still introduces the ability for somebody to compel another person to be trackable, so it gives parents the ability to compel their kids to be tracked, it gives a partner the ability to compel the other partner to be tracked, and that's what's very worrying.

SR: Is there a gender dimension to this issue, or are there issues that are particularly problematic for either gender?

GH: On a more general perspective, no matter how you do it, there is always a power imbalance in any relationship, whether it is between generations, between employee and employer, or, of course, in the home. When it comes to gender issues specifically, particularly in developing countries, we have seen some worrying trends about the distribution, say, of mobile telephony - about who in the household can have access to a mobile phone. Even when, say, women in the household are granted access to a mobile phone by the dominant male, he still has ownership over that phone.

So, for instance, we were doing some work in Pakistan on medical privacy. I heard an interesting story, because women who are seeking access to health care have to ask for permission to see a doctor, so doctors are becoming a little more smart about how they communicate with the patient. They meet with the patient surreptitiously and then the doctor enters his or her telephone number on the patient's mobile phone, but they don't say this is 'GP Surgery X' (GP or General Practitioner), instead they say it's 'Sonia' (or a similar female name), so when a woman receives a text message from the GP, it doesn't come from the GP surgery, it comes from Sonia, or so it will appear – because they assume that the men in the family will have access to the phone whether it belongs to them or not, and that the women patients will need to maintain some confidentiality.

SR: In a situation like this, if the partners have access to mapping tech, that adds another dimension to it. Have we seen any examples of this as yet?

GH: Coming back to the Apple example, there is a reason that the Apple problem was so sinister. Apple designed the phone to keep track of your location, but it wouldn't send that information to Apple. And in the North American / Western European context, this was not considered a massive problem or a massive privacy breach. They said, look, Apple isn't getting access to that information, it's only ever on your phone, so where is the privacy problem?

Apple finally had to admit that it was a privacy problem. The first two scenarios that come to mind that create problems for individual users are, first, in the United States it has become commonplace now, and it's going to become commonplace everywhere, that when you get stopped by the police, they search your phone. So they are able to search your phone and get physical access to your phone, and they can download all the information on that phone, including every location you've ever been to. So that practice will spread internationally.

And, second, when you start dealing with a dominant power within a home, that individual can get access to the kids' phones, the partners' phones, the wife's phones, plug them into their computer at the end of every day and find out everywhere that person has been that day or can plug it in at the end of the month, and find out everywhere that person has been for the entire month. And that's a scary prospect; individual autonomy has just evaporated.

SR: And why is it that Apple has decided that this is a problem now?

GH: Most companies usually only respond when privacy problems become front page, and that's what happened in the Apple case. Steve Jobs had to basically come out of retirement to come forward after this story became massive, and say that 'it was a problem, we are going to re-design and we're going to do this', because they were worried they would lose the confidence of their users.

The main reason is a commercial issue, that is, these companies all want to start collecting location data -- there is a lot of money to be made in collecting location data, and they want to do it without freaking everyone out. They want to be able to do it in anonymous ways, where your mobile would tell them everywhere you've been, but they don't know who you are, for instance. Then they could re-sell this information for commercial gain.

For instance, the GPS company TomTom was doing this. They were selling to the Dutch police all the information about people's movements using TomTom GPS devices. They were selling it to the police because the police wanted to know where people were speeding, so they could put up cameras or put up police stops or radar traps. And when it was discovered that TomTom was selling this information and making a good amount of money from this, people got very angry again, and TomTom had to step out - but they made a lot of money in the process, because there is a lot of value in collecting this kind of information and selling it onwards.

Picture of "Privacy catcher" by Take Back The Tech!

