Ontario Privacy Commissioner Warns Of Smartphone Data Privacy Issues
THE CANADIAN PRESS - There are unintended consequences of having our smart phones and other wireless devices automatically collect data on our whereabouts, warns Ontario Information and Privacy Commissioner Ann Cavoukian.
Privacy should be designed into cellphones and Wi-Fi systems to prevent the automatic collection and storage of personal data by the devices, which only continue to grow in popularity, Cavoukian said in a special report.
Most people had no idea their location and other data were being recorded and compiled until Apple recently said its iPhone 4 tracked and stored phone location data on the user's home computers, without the user's knowledge, she said.
"We’re getting a lot more interest in the notion of embedding privacy as a default feature in the design of technology as they’re being designed, so it’s not an afterthought," Cavoukian said in an interview. "Whenever you have incidents like this with Apple, it’s a wake-up call for the rest of the industry that they’ve got to get serious about this."
There is a lot of concern about the capability of mobile systems to track our lives, without our knowledge, concludes Cavoukian's report, "Wi-Fi Positioning Systems: Beware of Unintended Consequences," which was jointly written with Microsoft's former chief architect of identity, Kim Cameron.
"It is no wonder that smart phone researchers state that today’s smart phone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data," concludes the report.
The problem with the data tracking involves the unique address of a mobile user's device, known as media access control — or MAC — address, which is collected or recorded without the user's consent.
Information, including actual geographic locations about where you visit, shop, eat and bank, is gathered by mobile phones and other Wi-Fi devices, including printers, and could be compiled into profiles of individuals with only minimal effort, warned Cavoukian.
"A big part of the issue is lack of transparency and notice to the customers that this in fact is possible, and indeed happening right now," she said. "(People should have) an ability to opt out of this if you don’t want your location data tracked."
There are already firms compiling and selling the information from smart phones to advertisers and other companies.
"Companies known as location aggregators are building and or maintaining databases of the MAC addresses of these Wi-Fi access points for commercial purposes, and provide access to third parties interested in location-based applications and learning," wrote Cavoukian. "In no case should the MAC address of an individual's mobile device be collected or recorded without the individual's consent."
Making privacy a default feature on mobile devices can protect people from unknowingly sending out personal information, said Cavoukian.
"Privacy by design is now the international standard for privacy and should be considered at the outset," she wrote. "Technologists will save a lot of trouble if they make their mobile location systems conform with reasonable expectations of privacy and security, starting now."
Turning off the global positioning system in your smart phone won't stop the location tracking data, said Cavoukian, because the systems also use wireless position systems to determine a user's location and vicinity to cell towers.
"They don’t have to rely just on GPS data," she said. "They can also rely on WPS, which arise from people’s actual cellphones and their locations."
Engineers should ensure that privacy is embedded into the architecture of various technologies and systems, added Cavoukian.
The dangers of automatically collecting data from mobile devices will only increase as the technology evolves and could turn people into "unknowing informants" about their friends, she said.
"If you have friends or family in your vicinity and they have their mobile devices turned on, then just as the wireless router will use your geo-location data and it will read your MAC address, it can also read your friends’ and family’s addresses."
Engineers can tackle these issues so it's not a matter of giving up your privacy to use wireless technology, said Cavoukian.
"You have to have both," she said. "In this day and age no one is going to give up all these technological advances, so people are reaching the erroneous conclusion they have to give up on privacy. That’s a zero sum game, and it’s fatally flawed."