Only one day after Google has released its social networking, location-aware application, Google Latitude
, a privacy advocacy group is claiming that Google Latitude has "a fundamental design problem that could substantially endanger user privacy
." Even though Google Latitude is designed to minimize privacy risks, Privacy International claims that Google Latitude's current opt-in system is still not secure enough.
Google Latitude is an application for mobile devices and computers, which allows you to broadcast your location to other Google Latitude users, and lets you see other users' locations on a map. Google Latitude determines locations using a device's GPS or Wi-Fi abilities (or a user can also manually input his or her location). Google Latitude currently works on the Blackberry, S60 devices, and Windows Mobile devices; and will also soon be available for Android, iPhone/iPod touch, and Sony Ericsson devices.
In order for Google Latitude to be allowed to broadcast your location to other users, you must first send these other users an invitation to see your location. If you don't send them an invitation or if they don't accept the invitation, they won't be able to see your location using Google Latitude. Privacy International is of the opinion that while this seems like a relatively secure method, there is one fatal flaw to it:"...This safeguard is largely useless if Latitude could be enabled by a second party without a user's knowledge or consent... The danger arises when a second party can gain physical access to a user's phone and enables Latitude without the owner's knowledge."
Privacy International offers these five hypothetical scenarios as examples of how or when Google Latitude could be abused for nefarious or unseemly purposes:
- "An employer provides staff with Latitude-enabled phones on which a reciprocal sharing agreement has been enabled, but does not inform staff of this action or that their movements will be tracked.
- A parent gifts a mobile phone to a child without disclosing that the phone has been Latitude-enabled.
- A partner, friend or other person gains access to an unattended phone (left on a bar on in the house) and enables Latitude without the other person’s knowledge.
- A Latitude-enabled phone is given as a gift.
- A phone left unattended, for example with security personnel or a repair shop, is covertly enabled."
Privacy International points out that once location sharing is enabled between users, it possible for one of the users to "mask his phone's presence, thus ensuring that the victim is unaware that her phone is being tracked
." Another point of contention for Privacy International is that while Google states that some devices will "receive prompts... reminding you that you have enabled Latitude to share your location with selected friends
," that this implies that some devices will not display such prompts.
Privacy International does have some valid points here. In fact, even on devices that show a prompt informing the user that Google Latitude is running, not every user is going to know what that necessarily means or what the possible ramifications are.
That said, it is important to note that Privacy International's criticism of how Google Latitude can be abused, hinges on a single variable: "When a second party can gain physical access to a user's phone... without the owner's knowledge
." Privacy International even points out, "at present we are unaware of a way this could be achieved remotely
." We would like to point out, however, that when a second party gets access to a user's phone without the owner's knowledge, there are a lot of things
that second party can do to that phone that can potentially compromise the privacy of the phone's owner--perhaps limited only by the second party's technical savvy. For instance, if someone also has access to your account information (and if your phone supports this feature), they could set up a chaperone
service on your phone, which would also allow them to track your location.
Privacy International's call-to-arms is for Google to make sure that the Google Latitude alert pops up on all devices it is enabled on. Assuming that the technology permits it, we see this as a reasonable request--although the incessant pop-ups are likely to annoy a lot more users than the concept is designed to protect. (For instance, the primary complaint of Windows Vista is the frequent and annoying, User Account Control, security warnings.) It is unlikely that a single solution will make everyone happy or serve everyone's needs--especially that of "stalkers, prying employers, jealous partners and obsessive friends