Wi-Fi Comprimises Privacy


Dr. Ann Cavoukian - Ontario's Information and Privacy Commissioner

see source


Wi-Fi Positioning Systems:

Beware of Unintended Consequences

TORONTO – Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, and Kim Cameron, a
leading digital identity expert, have released a new joint publication called “Wi-Fi Positioning Systems:

Beware of Unintended Consequences – Issues Involving the Unforeseen Uses of Pre-existing Architecture.”
In this white paper, launched at the SC Congress Canada 2011 Conference in Toronto today, Cavoukian
and Cameron call for the use of Privacy by Design to protect the privacy of mobile device users.

Mobile devices are becoming more crucial in our daily lives, with people now carrying them and using them
practically everywhere. Whenever an individual uses location-based services on his or her mobile device, a
unique identifier of nearby traceable Wi-Fi access points called a Media Access Control (MAC) address is
relayed. This raises privacy concerns because this location information may be compiled into a profile of an
individual over time, such as where they have travelled to, shopped, eaten or banked.

In addition, potential unintended consequences stem from the intrinsic nature of MAC addresses that are at
the core of current networked communications. For instance, with minimal time and resources, one may be
able to associate MAC addresses of mobile devices to physical addresses, and then to a specific individual.
Furthermore, depending on future developments, it may even be possible that individuals using geolocation
services could inadvertently report the MAC address (and, simultaneously, location) of mobile devices
belonging to friends, family or co-workers – creating an unintended ‘unknowing informant’ model of data

Embrace ‘Privacy by Design’ to avoid Privacy by Disaster
“Privacy must be designed into Wi-Fi positioning systems to prevent unintended consequences,” says
Commissioner Ann Cavoukian. “I’ll repeat the message I gave about the Apple and Sony controversies –
don’t practice privacy by chance. Companies should practice Privacy by Design – they should address
privacy proactively and put control squarely in the hands of the users, where it belongs.”

Build Privacy Protection Directly into Wi-Fi
“What companies, government departments, people and systems will be able to follow our physical
movements and activities, five or ten years from now? How will what they see change the way we are
treated? Will individuals have any protections? That is what location technology is about,” says Kim
Cameron, co-author of the paper. “When you look into this, it becomes clear that location technology must
embrace our human need for privacy. In this paper we try to point to ways that can come about.”

Device Owners – Upfront Consent is Needed
The authors caution that when designing an architecture (e.g. wireless networks), the question of unintended
uses, inadvertently introduced through the existence of that architecture, should form part of a privacy threat
risk analysis. In no case, should the MAC address of end-user devices be collected or tracked without the
consent of the owners of such devices.

About the IPC
The Information and Privacy Commissioner is appointed by and reports to the Ontario Legislative
Assembly, and is independent of the government of the day. The Commissioner’s mandate includes
overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act
and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health
Information Protection Act, which applies to both public and private sector health information custodians. A
vital component of the Commissioner’s mandate is helping to educate the public about access and privacy

It's only fair to share...
Share on FacebookTweet about this on TwitterGoogle+Pin on Pinterestshare on TumblrShare on LinkedInShare on RedditEmail to someone

Leave a Reply

Your email address will not be published.