designing location services for privacy

Designing location services for privacy and security Rakkhi Samarasekera Twitter: @rakkhis Linkedin.com/in/rakkhi rakkhis.com

Upload: rakkhi-samarasekera

Post on 31-Oct-2014


Category:

Technology



DESCRIPTION

Privacy and security considerations for location aware services.

TRANSCRIPT

Designing location services for privacy and security

Rakkhi Samarasekera

Twitter: @rakkhis Linkedin.com/in/rakkhi

rakkhis.com

Presentation Identifier.Information Classification as Needed

Step 1 – risks with location data

Step 2 – mistakes made by Google and Apple

Step 3 – designing location systems properly

Step 1 > Step 2 > Step 3 Social location privacy


Step 1: It is a problem for some


Does he know where you live?


Some people should not be found


If you aren't doing anything wrong, what do you have to hide?


“If I'm not doing anything wrong, then you have no cause to watch me”


Watch someone long enough, and you'll find something to arrest -- or just blackmail with


Quis custodiet custodes ipsos?


Maybe some people should not know where you are…..


Maybe your boss shouldn’t either…


Comfortable with location based advertising?


Step 1 – risks with location data

Step 2 – mistakes made by Google and Apple

Step 3 – designing location systems properly


Step 2: clearly some mistakes were made


Consent buried in terms and conditions


Better…


“Apple is not tracking the location of your iPhone”

“it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles (or just one) away from your iPhone,”

Lack of clear communication on WHAT and PURPOSE


Unique identifiers are the enemy of anonymity


Why upload data in real time?


Apple “bug”: location tracking that won't stop…


No encryption

Android v2.3 historical location data not deleted


security


Too much historical data


Step 1 – risks with location data

Step 2 – mistakes made by Google and Apple

Step 3 – designing location systems properly


Consent and notice in context


Use only for approved purpose


Encrypt personal data in storage, transit and backup

#bettersafethansony


Provide opt-out and disable


Simple access to update and delete


Careful of onward transfer and third party access


Recap


1. Notice, consent and purpose

2. Security

3. Access and onward transfer


Designing location services for privacy and security

Rakkhi Samarasekera

Twitter: @rakkhis Linkedin.com/in/rakkhi

rakkhis.com