Caution: Some cell phone services can reveal location

by Larry Magid

Imagine a world where you can be tracked anywhere you go. A decade ago that would have seemed like a paranoid delusion, but thanks to GPS-enabled cell phones and other technologies, it’s more or less the way things now are.

Many of today’s cell phones are equipped with global positioning systems that are capable of pinpointing your exact position. Soon, thanks to Federal Communications Commission (FCC) rules, all phones will be able to transmit your location. The question isn’t whether you can be found, but how that information will be used and who will have access to it.

The FCC’s Wireless 911 rules require that all U.S. cell phones be equipped with a global positioning system (GPS) or other technology so that emergency personnel can locate people who call 911 from their mobile phone. When the system is fully implemented, 911 operators will know your longitude and latitude, which is a good thing if you need help and can’t report your exact location.

But there’s nothing in the rules that say that the technology can only be used for emergency services. In fact, there are numerous commercial services that are already piggybacking on this E911 location technology. And it’s not just cell phones that can track your location. Laptop PCs, PDAs, Internet phones and other WiFi (wireless networking)-enabled devices can also be used to locate you, thanks to a company that’s mapped out the location of millions of wireless Internet adapters around the US.

While there are benefits to these technologies, there are also dangers. It’s a bit scary to think about what could happen if these technologies were misused by stalkers, pedophiles, jealous spouses, nosy employers or overzealous government agents.

Location-based services (LBS) represent at least a $750 million market in 2007, according to David H. Williams, publisher of LBS Globe.com. Williams expects that market to grow by 75 to 100 percent in the next two years. In addition to emergency 911, LBS services include fleet tracking, navigation, child finding, local search, self-guided tours, finding lost elderly people and “social mapping.”

Social mapping allows people to use their cell phones and PCs to broadcast their location so others can find them. So far there are only a few companies in the cell phone social mapping business including Loopt and Helio. (Disclosure: Loopt is one of several sponsors of a non-profit social networking safety project I work with called ConnectSafely.org.)

Loopt, which is based in Palo Alto, Calif., offers a service on the Boost Mobile cellular network that allows users of these prepaid phones to locate their friends on a map that appears on their cell phone screen. There are now about 150,000 users on the Boost service, according to Loopt Vice President Mark Jacobstein. But Loopt is slated to grow and will soon launch with several major carriers.

Here’s how it works. All phones that work with Loopt are equipped with GPS and other technologies that plot the user’s position. If the phone has a clear line-of-site view of the sky, the GPS sensors can get signals from three or more of the 24 GPS satellites in orbit. If it’s being used indoors or where there isn’t a clear view of the sky, the phone, with the aid of servers located at Loopt, tries to calculate the user’s position based on its proximity to one or more cell phone “towers” or antennas. If the phone can connect to one antenna, it can calculate a very rough approximation of the user’s position to within a few miles. If it gets a signal from two antennas, it can hone in much further, but if it’s in touch with three or more cell sites it can plot almost the exact location by measuring the distance from each site and using a process known as “triangulation” to find the users within a pretty close range.

Once the phone knows the user’s location, it uses the phone’s data channel to transmit that data to Loopt’s servers. Then other Loopt users who have your permission to find you can see your location on their cell phone screen or on the Web.

The service can also be configured to issue an alert to find friends that are nearby, so you could, for example, be notified if a friend is within, say, a half mile of you. Likewise you can send out an invitation to all friends within a specified radius to join you at a bar or restaurant.

It doesn’t take a great deal of imagination to think about how a service like this could be misused. There is also the issue of “Big Brother,” whether that is the government or an employer who could use the technology to know the location of anyone with a company-issued phone, even when they’re off duty.

Loopt is strictly a permission-based service, so for someone to track you, you must enter their phone number and you can withdraw or suspend that permission at any time. Also, you can only invite people whose phone number you know — you can’t browse for “friends” as you can with some social networks. And, if someone does abuse the service, there is an electronic evidence trail that includes their phone number. Finally, Jacobstein said that Loopt deletes a users’ location information as soon as they move to a new location, so there is no history of their whereabouts that could get into the hands of a hacker or even a law enforcement agency or an attorney with a subpoena or a warrant.

Helio, which is something of a boutique cell phone company, offers its customers a similar service called “Buddy Beacon.” As an extra safety feature, Helio doesn’t allow tracking. Users must beam their location each time they want someone to know where they are.

Both Helio and Loopt have been vetted by major cellular carriers, which provides a bit of assurance that the services will be responsibly managed, but there is the possibility of other companies entering this market without cooperation from major carriers, and as Skyhook Wireless has shown, there are ways to track people using technologies other than cell phones.

Skyhook Wireless uses WiFi to plot users’ locations. The Boston-based company hired people to drive by offices, businesses and homes in about 2,500 towns and cities throughout the United States using special sensing equipment to pick up the signals from WiFi devices. Once their equipment receives a WiFi signal, it maps that network’s unique MAC (media access control) address along with the street address where it’s located. It doesn’t matter if the WiFi connection is public, private, open or encrypted, because Skyhook doesn’t access the network itself but merely receives the signal that identifies the device. Such signals are openly available even if the access point is encrypted.

Skyhook users have a WiFi adapter in their device PC, but don’t need to be using it. You could, for example, be sitting at home or at a coffee shop, not even using that wireless network and receive coordinates that track your location. To transmit that information to others, however, you will need some type of Internet connection.

Skyhook already has a deal with AOL to power the AIM Location service so that “your buddies can show you where they’re hanging out” (and vice versa). AIM users can download a small plug-in that locates you based on your proximately to nearby hotspots and transmits that information to any buddies with the plug-in that you’ve allowed to see it. Like Helio and Loopt, this is strictly an opt-in service. You must download the software, configure it to work and tell it with whom you want to share your location information.

Skyhook’s stated privacy policy assures users that the company “can not, does not and will not track your location” and that “any queries to determine location are made in the blind and are not paired with any personally identifiable information.” The company further states that “the only time your location and identity are paired is when you voluntarily elect to enter the username/password for a ‘friend finder’ service such as AOL Locator or Where.com.”

That’s all well and good, but it’s not an iron-clad guarantee that nothing will go wrong. Whether it’s WiFi, a cell phone or another technology, there is always a possibility that the information can somehow get into the wrong hands.

One could imagine the possibility of a hack attack or a corrupt insider leaking information, but the most likely scenario is that a user will either be careless about the people they permit to know their location or that they will be tricked into making someone a friend who isn’t really a friend. There is also the possibility of a friend becoming an ex-friend and misusing location information.

And this is exactly why members of the location services industry met with Washington policy makers and other stake-holders at the April 25 event that was sponsored by the Internet Education Foundation. Although no formal proposals came out of that meeting, there was discussion about “best practices” — industry guidelines — to protect users as well as the need to educate people about how to use this technology safely. Loopt, for example, has a safety page with advice, including a question to help you determine whether your friend is truly trustworthy: “Would you give them your keys to feed your dog or water your plants?”

It’s déjà vu all over again. Technology keeps changing, which means we have more things to look out for. But one thing remains the same. A little common sense and some critical thinking can go a long way towards keeping us safe.

Share Button
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply