Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

Summary: Google's Web mapping appears to be able to track your phone within feet of your actual location in yet another wrinkle in the ongoing location-based services and privacy debate. Meanwhile, the GPS Act is introduced.

SHARE:

Google's Web mapping appears to be able to track your phone within feet of your actual location in yet another wrinkle in the ongoing location-based services and privacy debate that will now hit Congress.

CNET News' Declan McCullagh reports that Google and Skyhook Wireless are linking location databases to hardware IDs and street addresses. The upshot: If someone knows a hardware ID, they may be able to find your physical address. CNET tested the location tracking with security researchers.

McCullagh adds:

Here's how it works: Wi-Fi-enabled devices, including PCs, iPhones, iPads, and Android phones, transmit a unique hardware identifier, called a MAC address, to anyone within a radius of approximately 100 to 200 feet. If someone captures or already knows that unique address, Google and Skyhook's services can reveal a previous location where that device was located, a practice that can reveal personal information including home or work addresses or even the addresses of restaurants frequented.

Creepy? You bet. However, I'll stick with my original argument after Apple wound up in the middle of a location tracking debate: Most consumers won't care. Privacy is the Web's currency and most folks will happily trade their locations for a 10 percent coupon.

Now some folks will be looking to disable these unique hardware IDs, but the majority of people won't understand enough about how this stuff works. In other words, we'll continue to be blissfully ignorant. And companies will continue to connect databases accordingly.

The big question is whether this data can be locked down. It's one thing to trust Google and Skyhook with information. It's quite another to trust some snoop.

Where's this privacy and location-based services mess headed? Most likely legislation. A bi-partisan mobile location privacy bill called the GPS Act will be introduced today to clarify the rules of engagement. The problem is that all of these legislative fixes usually carry a bunch of side effects that can also be problematic.

The GPS Act, which has been brewing since late March, aims to do the following:

  • Sets guidelines, legal procedures and protections on electronic devices and location tracking.
  • Government must show probable cause and warrant to acquire geolocational information.
  • The Act will apply to real-time tracking of person's current and past movements.
  • Creates criminal penalties for using a device to track a person.
  • Prohibits commercial service providers from sharing geolocation data with outside entities.

Setting parameters seems like a good move. You should know how your whereabouts are being collected. In the end, I'll wager that consumers fall in the blissfully unaware camp. After all, there's a location-based coupon at stake.

Topics: Legal, Google, Hardware, Mobility, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion
  • More right than you know

    I've tried to have this conversation with some of my clients and all of the friends who own smart-enabled devices. For the most part, they don't care. It often seems that, whenever discussing security, they hear "Blah, blah, blah.." until I mention loss of funds. But, still, few of them follow through.
    DPeer
  • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

    Location based tracking of this type is not really a bad thing provided it is controlled and protected accordingly. People will trade it for a "coupon" if they really don't understand what it means or the ways is can be "abused".<br><br>This use should be spelled out as an on/off option by device and defined in some other language (english?) other than standard EULA speak.<br><br>Be interesting to see how this legislation works out.<br>Toothless? Unenforceable? Placebo? <br><br>Let the games begin! <img border="0" src="http://www.cnet.com/i/mb/emoticons/grin.gif" alt="grin"><br><br>...popcorn
    rhonin
  • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

    Apple should care about this issue, it's iPod touch product uses Google Maps, and it tracks your location by default, Google doesn't have policies to remove the location information if it's not updated in the last 10 days, as Apple does.<br><br>Google's Maps application was built and funded by CIA and other government corporations, so Apple should start to think in another Maps provider for the next version of iOS. Apple is taking care about privacy issues, but we know Google has it's own private agenda.
    Gabriel Hernandez
    • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

      @Gabriel Hernandez "Google's Maps application was built and funded by CIA and other government corporations...."

      Does your Apple's brushed aluminum function as well as a tin foil hat?
      jgm@...
  • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

    First they outlawed cloning, then human-animal hybrids, now they have the GPS Act. Why won't you people leave us mad scientists alone?!?

    "If someone captures or already knows that unique address, "

    There's the thing. Everything that uses the Internet has a MAC address. If someone's going through the process of identifying your device's MAC address, they're the problem, not Google or Skyhook or anyone else. This entity would also need to have access to Google or Skyhook's databases. In short, this isn't something your ex-girlfriend is going to do to you. Think of it this way: if someone found out your local supermarket frequent shopper card number, AND got access to your supermarket's internal databases, THEN they could know what you've been eating! Somehow I'm not losing sleep over that possibility either.
    jgm@...
    • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

      @jgm@... except it is the supermarket who is tracking your purchases (with your permission). So in this case it is Google who knows where you are. I am not loosing sleep over it either but the real question is, why do Google collect and store this info without my permission, is it safe, and how can I stop this if I want?
      pupkin_z
      • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

        @pupkin_z The CNet article linked to in this article states "Android phones with location services enabled regularly beam the unique hardware IDs of nearby Wi-Fi devices back to Google, a similar practice followed by Microsoft, Apple, and Skyhook Wireless as part of each company's effort to map the street addresses of access points and routers around the globe. That benefits users by helping their mobile devices determine locations faster than they could with GPS alone."

        However, if the wording of this is correct it's much MORE interesting. It seems to be saying that Google is having your phone use its wifi to listen for any routers or wireless devices in the area and then transmit any MAC addresses it picks up back to HQ! This is like what they were doing with their photo-taking vehicles that were also monitoring wifi and for which they got into a bit of trouble in Europe. I hate to say it, but this is the third time in a row I've read an article from one of the trio in the masthead image that seems more than a bit misleading. Yes Google can possibly tell where your phone is to within a few feet - but only because it's been using your phone to map the location of wifi hotspots! Pupkin, your phone isn't really the vulnerable device here - I don't have a smart phone, but someone else's phone in my neighborhood may have seen my home router and beamed its ID and approximate location back to Google where it's now in their databases! The idea is that with this information used either in conjunction with GPS or even without GPS your phone can come up with a more exact location for you when you need it and more quickly. That's a good idea, and if I wanted to keep the location of my router secret, I could prevent it from broadcasting its ID to the whole world. So all in all, I'm still not worried, although it might be useful to hackers.
        jgm@...
    • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

      @jgm@... THEN they could know what you've been eating! Somehow I'm not losing sleep over that possibility.<br><br>How about if it was drugs purchased and clinics visited?<br>How about psychologist's offices? Would you feel all warm and cozy if they knew all the strip joints you visit?<br>Could you get a traffic ticket if the data showed you were speeding, or driving down the wrong side of the road?<br>A nice adjunct to the red light cameras...
      fiosdave
  • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

    Dont like it.... not one bit. People just don't get it that's the only reason why they don't care.
    jessiethe3rd
  • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

    Well done! Thank you very much for professional templates and community edition
    <a href="http://www.yuregininsesi.com" title="seslichat">sesli chat</a> <a href="http://www.yuregininsesi.com" title="seslisohbet">sesli sohbet</a>
    talih
  • RE: Mobile privacy flap take two: Starring Google, Skyhook, GPS Act

    I have a lot to learn about this issue. I have a few questions.
    1. If GPS is enabled bit google maps/latitude is no being used, is google still tracking
    my position.
    2. If a 3 party app the uses gpa (like fast food finder) is running google still recording my location

    Phoneman62
    Phoneman62