Presentation at the Identity.next conference in The Hague http://identitynext.nl/
The presentation explains the role of location providers such as Google and Skyhook Wireless, the Google Wifi debacle and the privacy issues when MAC addresses are being exposed (both of wifi hotspots and of client devices).
Who are you?GovernementIdentitypeople?Privacy people?
Story that has been making headlines this year – spectacular in privacy world
It’s old already!Used to be services by Operators!
Now: 3d parties not linked to the operatorExample: Navigation information, maps…
But also: extra parameter for context
USG
Pics (implicit)
GPS-signal : no privacy impactHow do you translate antennas and wifi to a location?
Have a great website withexplanation
Capture MAC addressesAlso from your hotspot at homeBydrivingaround
Telcos their first customers
That’s how they improvetheir database
Client: also laptops with “normal browser”(Google Location service is default location provider in Firefox and Chrome)
A worldwide sensor network (eg in cities, inside, at higher floors...)
Important: this happens for every application, as soon as you get out…No wonder Skyhook can build impressive visulisations and derivative products (crowd management)On the other hand: massive surveillance tool on top of dataretention, and in the hands of US government – beware if you’re a blond australian.
Bigger than Skyhook, so more under scrutiny
StreetviewAuditby German DPA had stored content of communication as well
StrozFriedbergto their advantage: channel switching every 0,2 seconds email addresses, passwords... also: MAC-adresses clients!: industrial-scale tracking system
PR and possiblylegal disaster for GoogleStoppeddrivingcarsNotsurewhethertheywill stop to self-update
QuestionsDPA’swill have toanswer…
And if it is personal data, how then?Think of divorced womanThink of Malware: wifi – routerConsent by owner?Compare to Google Streetview pics (visible versus invisible wavelength, German opt-out)
Detailed information on your lifestyleCombination of your IP address + Mac Address + locationRegulation, just like with search enginesGranularity of consent ( I cannot differentiate between location providers)
Beacon ~ identityThink of social engineering…Mac addresses were never supposed to be exposed…Malware
For this corporate identity management audience
Mindsetsecuritypeople <> privacy people
(think of phonecalls in public)
Similar to IP addressesTokens, pseudonymsThingsthatcanbecomepersonal dataGrey zone…(that’swhy privacy people are lawyers and nottechnical)
At the moment: reputation. Will become financial penaltiesGoogle guy: the more data, the better