You know where I am
Overlapping technologies track individuals and share information
As he sat near the frosted window of a Cambridge coffee shop, Andrew Blumberg’s academic look easily blended in with the crowd. A laptop computer and a steaming cup of coffee were precariously balanced on a tiny table; occasionally, Blumberg consulted an Apple iPhone pulled from a jacket pocket.
Yet Blumberg was acutely aware that he was a long way from anonymity, even though he knew no one there except a reporter he had just met.
There were many ways strangers might have identified and tracked him, Blumberg said, pointing out no less than 12 interactions that could have generated such information as he made his way to this specific spot: Darwin’s, Ltd., on the edge of Harvard Square. Had he stopped at an ATM, for example, the bank would know he had been there, and when. Had he traveled on the T, a turnstile could have noted the time and station when he swiped his pass. There were also a half-dozen technologies that could still be tracking him as he sat, he said.
Blumberg, a Boston-area native who is an assistant professor of mathematics at the University of Texas in Austin, did not appear uncomfortable with the multiple lenses focused on him. “I’m aware of the trade-offs I’ve been making for the sake of convenience,’’ he said casually.
Still, he is among a growing number of academics and tech nologists who are starting to raise concerns about what’s being called “location privacy,’’ the idea that the proliferation of mobile devices, smart cards, tracking technologies, and Internet databases is creating an environment in which citizens are under a constant threat of surveillance. As overlapping technologies and systems start sharing this information, location privacy advocates say, it will become easier for governments, employers, and interested parties to track an individual’s everyday movements.
The author of a recently published paper on the subject for the Electronic Frontier Foundation, an Internet civil liberties group, Blumberg is not surprised that most citizens are not alarmed by, or even aware of, issues relating to location privacy.
“One reason is that no legal or regulatory framework has been developed to protect this kind of privacy,’’ he said.
Another reason: People just don’t care.
“We’ve all gotten used to nothing bad happening with this kind of data,’’ Blumberg said. “In fact, when you do hear about it, it’s often being used for good: locating missing children, or tracking criminal activity. . . . That’s why we’re sort of sliding into it.’’
Yet the lack of clamorous public concern has not stopped some technologists from working on ways to protect personal privacy in a society that is increasingly connected.
One example is the CarTel research group at the Massachusetts Institute of Technology, which has been exploring ways to collect, process, deliver, analyze, and visualize data from sensors on mobile units such as automobiles and smart phones.
In one ongoing CarTel study, for example, dozens of cars in the Boston area are testing a mobile-sensor network that precisely tracks each car’s location. Researchers are using this data to, among other things, help drivers cut their commuting time by transmitting up-to-the-second information on congestion ahead.
But alongside their explorations on the frontiers of connectivity, the CarTel group is also trying to develop protocols that protect the privacy of people who may soon be monitored by similar sensor networks.
Hari Balakrishnan, a professor of electrical engineering and computer science at MIT who is a principal investigator with the CarTel group, said, “Right from the beginning, we’ve been thinking about privacy.’’
Traffic monitoring, toll collecting, auto insurance, and law enforcement are all areas where technology has enabled more powerful tracking tools, Balakrishnan said. CarTel has been investigating ways to use applied cryptography and system design to protect consumers from the excessive collection of personal location data in such scenarios.
Balakrishnan said the challenge is that each technology demands its own privacy-enabling solution.
“If there’s one thing we’ve learned, it’s that you can’t just create one protocol that will give you a layer of location privacy,’’ Balakrishnan said. “You have to create a privacy solution for each technology. Unfortunately, there’s no silver bullet, no location privacy pixie dust.’’
The dozen possible privacy compromises that Blumberg found on his way to the coffee shop could demand a dozen solutions.
According to Balakrishnan, the good news is that it’s often possible to create a technological solution that allows users to have the convenience that comes with connectivity without sacrificing privacy. The bad news is that these solutions often demand difficult cryptography and system design.
“And there’s no guarantee that a solution exists for every technology that compromises location privacy,’’ Balakrishnan warned.
Blumberg made a similar point, as he finished his coffee at Darwin’s.
“The challenge is that the easiest, cheapest way to keep this data - in databases on servers - is the most dangerous,’’ he said. “There is a substantial amount of research on how to protect this kind of data, but the problem is that it’s expensive.’’
Realistically, Blumberg said, the most that he and other privacy advocates are hoping for in the near term is to get people to “be aware of what you’re giving up’’ when they take actions that compromise their location privacy. Blumberg said that he’s also hoping that companies that collect location data will increasingly feel pressure to establish privacy policies, which may speed the implementation of technology to protect users.
In the meantime, Blumberg said, we will probably be living with only limited location privacy protections for a while.
“Because at this point you really can’t opt out of all this,’’ he said as he held up his iPhone. “It’s too convenient. Unless you’re living in a hut somewhere, you really don’t have any choice. It’s like trying to opt out of the sewer system.’’
Blumberg didn’t have to reach far for an example of a compromise he feels compelled to make.
“If I didn’t keep my cellphone on,’’ he said, “I wouldn’t have a girlfriend.’’
D.C. Denison can be reached at email@example.com.