The Information and Privacy Commissioner of Ontario announced the release of a new publication that raises and examines a number of personal privacy issues related to using mobile devices on Wi-Fi networks.
Wi-Fi Positioning Systems: Beware of Unintended Consequences can be downloaded from the Information and Privacy Commissioner of Ontario’s website.
For more information visit: www.ipc.on.ca
Unedited press release follows:
Wi-Fi Positioning Systems: Beware of Unintended Consequences
TORONTO – Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, and Kim Cameron, a leading digital identity expert, have released a new joint publication called “Wi-Fi Positioning Systems: Beware of Unintended Consequences – Issues Involving the Unforeseen Uses of Pre-existing Architecture.” In this white paper, launched at the SC Congress Canada 2011 Conference in Toronto today, Cavoukian and Cameron call for the use of Privacy by Design to protect the privacy of mobile device users.
Mobile devices are becoming more crucial in our daily lives, with people now carrying them and using them practically everywhere. Whenever an individual uses location-based services on his or her mobile device, a unique identifier of nearby traceable Wi-Fi access points called a Media Access Control (MAC) address is relayed. This raises privacy concerns because this location information may be compiled into a profile of an individual over time, such as where they have travelled to, shopped, eaten or banked.
In addition, potential unintended consequences stem from the intrinsic nature of MAC addresses that are at the core of current networked communications. For instance, with minimal time and resources, one may be able to associate MAC addresses of mobile devices to physical addresses, and then to a specific individual. Furthermore, depending on future developments, it may even be possible that individuals using geolocation services could inadvertently report the MAC address (and, simultaneously, location) of mobile devices belonging to friends, family or co-workers – creating an unintended ‘unknowing informant’ model of data collection.”
Embrace ‘Privacy by Design’ to avoid Privacy by Disaster
“Privacy must be designed into Wi-Fi positioning systems to prevent unintended consequences,” says Commissioner Ann Cavoukian. “I’ll repeat the message I gave about the Apple and Sony controversies – don’t practice privacy by chance. Companies should practice Privacy by Design – they should address privacy proactively and put control squarely in the hands of the users, where it belongs.”
Build Privacy Protection Directly into Wi-Fi
“What companies, government departments, people and systems will be able to follow our physical movements and activities, five or ten years from now? How will what they see change the way we are treated? Will individuals have any protections? That is what location technology is about,” says Kim Cameron, co-author of the paper. “When you look into this, it becomes clear that location technology must embrace our human need for privacy. In this paper we try to point to ways that can come about.”
Device Owners – Upfront Consent is Needed
The authors caution that when designing an architecture (e.g. wireless networks), the question of unintended uses, inadvertently introduced through the existence of that architecture, should form part of a privacy threat risk analysis. In no case, should the MAC address of end-user devices be collected or tracked without the consent of the owners of such devices.
About the IPC
The Information and Privacy Commissioner is appointed by and reports to the Ontario Legislative Assembly, and is independent of the government of the day. The Commissioner’s mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information custodians. A vital component of the Commissioner’s mandate is helping to educate the public about access and privacy issues.