If you have Wi-Fi turned on, the previous whereabouts of your computer or mobile device may be visible on the Web for anyone to see, reports C/Net
C/Net’s Declan McCullagh says Android phones with location services enabled regularly beam the unique hardware IDs of nearby Wi-Fi devices back to Google. A similar practice is followed by Microsoft, Apple, and Skyhook Wireless as part of each company’s effort to map the street addresses of access points and routers around the globe.
That benefits users by helping their mobile devices determine locations faster then they could with GPS alone.
Only Google and Skyhook Wireless, however, make their location databases linking hardware IDs to street addresses publicly available on the Internet, which raises novel privacy concerns when the IDs they’re tracking are mobile. If someone knows your hardware ID, he may be able to find a physical address that the companies associate with you–even if you never intended it to become public.
According to C/Net, Wi-Fi-enabled devices, including PCs, iPhones, iPads, and Android phones, transmit a unique hardware identifier, the MAC address, to anyone within a radius of approximately 100 to 200 feet. If someone captures or already knows that unique address, Google and Skyhook’s services can reveal a previous location where that device was located,
“I was surprised to see such precise data on where my laptop–and I–used to live,” says Nick Doty, a lecturer at the University of California at Berkeley who co-teaches the Technology and Policy Lab. Entering Doty’s unique hardware ID into Google’s database returns his former home in the Capitol Hill neighborhood in Seattle.
A bi-partisan mobile location privacy bill called the GPS Act will be introduced today to clarify the rules of engagement. Larry Dignan of ZDNet says the problem is that all of these legislative fixes usually carry a bunch of side effects that can also be problematic.
The GPS Act aims to do the following:
- Sets guidelines, legal procedures and protections on electronic devices and location tracking.
- Government must show probable cause and warrant to acquire geolocational information.
- The Act will apply to real-time tracking of person’s current and past movements.
- Creates criminal penalties for using a device to track a person.
- Prohibits commercial service providers from sharing geolocation data with outside entities.
Android devices appear to take one privacy-protective step that Apple iPhones do not, says C/Net: they randomize their MAC address when acting as hot spots, using a range of addresses that are marked as unassigned.
Mike Shean, co-founder of Skyhook Wireless, which filed a patent infringement lawsuit against Google over its mapping technology last year, says if a MAC address is an access point, whether it’s an iPhone or a Linksys router, “we would collect it.”
Both Apple’s iPhones and Google’s Android smartphones regularly transmit their locations back to Apple and Google, according to data and documents analyzed by The Wall Street Journal.
Google and Apple are gathering location information as part of their race to build massive databases capable of pinpointing people’s locations via their cellphones. These databases could help them tap the $2.9 billion market for location-based services—expected to rise to $8.3 billion in 2014, according to research firm Gartner.
There will be about 1 billion smartphone users, worldwide in 2011. Global smartphones sales will reach 1.6 billion units by 2017, according to Global Industry Analysts.
Dailywireless has more on Phones Becoming Government Spies.