<Week 2>
Title: Location Privacy in Pervasive Computing
Last three digits of GTID: 263

Location-based services have recently become very popular, with ubiquitous devices like smartphones gaining the capability to locate themselves using GPS or other techniques (cell tower triangulation or IP to location). This has proved to be very useful since services can now customize responses taking into account user context (location). However, this has also raised many privacy concerns, since an adversary may collect this information about individuals and use it to infer details that people would prefer to keep private. For example, information that identifies that a user goes to a certain clinic might be valuable to an insurance company in deciding the premium rate. What is needed is a way for users to control who can view this information about them and at what granularity. They should also be able to use services with a guarantee of a degree of anonymity.

The article from the Pervasive Computing journal talks about providing this anonymity to users via the concept of pseudonyms that change frequently, so that no one pseudonym may be uniquely tied to an individual. The authors introduce the concept of mix zones, taking inspiration from the concept of mix networks from the field of anonymous communication. A very simplistic view of mix zones would be that they are areas where user information (location, identity) is not divulged and where user pseudonyms are changed. Thus, an outside observer would see different pseudonyms enter and exit the zone and, ideally, would not be able to map ingress to egress. However, the authors acknowledge that the solution is not quite so simple in the real world and discuss many of the problems that would be faced in implementation, especially with a small user population and over a limited area. They also present a case study where this technique was applied to data collected from the Active Bat system at AT&T.

The authors anticipate that their technique may prove to be more useful in a different setting, such as when using cellular phones in a larger area such as a whole city, but don’t explore this further, so there is no concrete proof either proving or disproving this theory. Additionally, the article doesn’t account for the fact that users are likely to spend a lot of time in certain locations like their office desk, in which case it would be trivial for an observer to map a recent pseudonym to an individual. Thus, it is somewhat unclear if the technique presented, while promising in theory, will prove to be very useful in the real world, considering that a lot of factors (such as the locations visited by users, the routes taken between home and work and time spent in certain areas) do not have an equal probability distribution and may be exploited by observers.

There are quite a few techniques available in the literature that attempt to solve the problem of protecting privacy with respect to user location. These range from very simple but fundamental differences in the technology (is the calculation done by the user agent, as in the case of GPS, or in the environment, as in the original Active Badge system) to more complex theoretical models (k-anonymity, l-diversity, mix zones, etc.) that attempt to model the environment and user behavior in order to predict how user privacy might be violated. In the opinion of this student, it is unlikely that there is a ‘silver bullet’ that will solve the shortcomings of all of these systems. A hybrid approach that is a combination of two or more of these approaches is the most probable solution. In addition, apart from the technological limitations, there are also the social and political considerations – will all parties (service providers, hardware developers, users, developers) agree on a single standard? If not, will different standards be interoperable? How much control will users have over their devices? HCI and human factors considerations will also come into play in deciding if solutions have been successful or not. The field appears to be wide open for researchers at the moment.
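
The concern raised above about unequal probability distributions and small user populations can be quantified as the entropy of the observer's belief over ingress-to-egress mappings of a mix zone. The following is an added example, not code from the article or from this review; `mapping_entropy` is a hypothetical helper and both likelihood matrices are constructed sample data.

```python
import math
from itertools import permutations

def mapping_entropy(likelihood):
    """Observer's uncertainty about who is who after a mix zone.

    likelihood[i][j] is the observer's relative likelihood that the user who
    entered under pseudonym i is the one who left under pseudonym j.
    Returns (entropy in bits, most likely mapping, its probability).
    """
    n = len(likelihood)
    weights = {}
    # Every user leaves exactly once, so candidate mappings are permutations.
    for perm in permutations(range(n)):
        w = math.prod(likelihood[i][perm[i]] for i in range(n))
        if w > 0:
            weights[perm] = w
    if not weights:
        raise ValueError("no mapping is consistent with the likelihoods")
    total = sum(weights.values())
    probs = {p: w / total for p, w in weights.items()}
    entropy = -sum(q * math.log2(q) for q in probs.values())
    best = max(probs, key=probs.get)
    return entropy, best, probs[best]

# Constructed data: three users, no side information (all exits equally likely).
UNIFORM = [[1.0] * 3 for _ in range(3)]
# Constructed data: each user heads for a habitual destination 90% of the time.
SKEWED = [[0.90, 0.05, 0.05],
          [0.05, 0.90, 0.05],
          [0.05, 0.05, 0.90]]

if __name__ == "__main__":
    cases = (("uniform", UNIFORM), ("skewed", SKEWED), ("single user", [[1.0]]))
    for name, matrix in cases:
        h, best, p = mapping_entropy(matrix)
        print(f"{name:12s} entropy={h:.3f} bits  best={best}  P(best)={p:.3f}")
```

With no side information the three-user zone gives the observer log2(3!) bits of uncertainty; habitual destinations collapse that to almost nothing, and a zone containing one user provides none at all.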