Privacy in Google Latitude

Good news:

What Loopt — and now Google — are asserting is this: when you tell your friends where you are, you are using a public conveyance to communicate privately. And, just as it would if it wanted to record your phone call or read your e-mail, the government needs to get a wiretap order. That's even tougher to get than a search warrant.

Posted on March 16, 2009 at 6:36 AM • 19 Comments

Comments

JimMarch 16, 2009 8:25 AM

The EFF makes a good point also that it matters what happens after, "it remains to be seen how far Google and Loopt will go if faced with a court order that isn’t the required super-warrant"

I worry more about what happens after Google starts to monetize this application. When you are near your favorite pizza shop and you get an and for them on your phone will the advertiser get the data to store?

HahahaMarch 16, 2009 8:29 AM

"the government needs to get a wiretap order. That's even tougher to get than a search warrant."

What about all those warrentless wiretapping stories?

The best we can realistically hope for is some technological block on this. Not an on/off switch, which can be subverted, but some sort of peturbation of the signal to inherently reduce its accuracy.

MuffinMarch 16, 2009 8:40 AM

Will a wiretap order be required for *everyone*, or just for US citizens? Also, will it involve our beloved secret rubberstampin' FISA court?

TynkMarch 16, 2009 9:03 AM

@hahaha

In any system, be it government or not, there are those who will skirt the rules to get what they want or deem right regardless of the rules. Unfortunately, no laws will stop them from doing what they will do. Along the lines of "Locks are there to keep honest people honest."

What does need to be considered though is the standard procedure to way most possible outcomes in terms of financial gain or loss. Google is no different. So, will they comply with an incorrect court order to provide information? That will depend if they find it fiscally suitable to do so. Will they provide the same information to private firms who have the financial and litigation backing to do so?

http://www.techdirt.com/articles/20090206/...

NickoMarch 16, 2009 9:58 AM

Of course what they really should have done is construct a decent cryptographic security model so that location information is distributed as cryptograms that can only be used by your authorised friends.

PaeniteoMarch 16, 2009 10:15 AM

@Tynk: "Unfortunately, no laws will stop them from doing what they will do."

Which is probably why hahaha suggested technical measures.

Along the lines of: No law will prevent them to read my emails, that's why I encrypt them.

larkin1March 16, 2009 10:45 AM

:

[ "...government needs to get a wiretap order... even tougher to get than a search warrant" ]

.

....really, really naive.

A court order is only "required" if they want to use any specific evidence gained via the wiretap/search... in a formal court procedure.

As a practical matter, government (especially Federal) cops & snoops can do all kinds of illegal surveillance with little fear of discovery, much less punishment.

FBI/CIA are notorious over the past half-century+ for all manner of warrantless wiretaps/searches/break-ins/mail-openings. Not hard to imagine how far NSA/DHS have advanced that state-of-art, these days.

Most warrant requests are rubber-stamped by judicial bureaucrats anyway, but why fuss with any paperwork when you don't have to (?)

FPMarch 16, 2009 10:54 AM

Good news indeed.

Of course public companies and the government have been able to subvert other such policies in backroom deals.

And sooner or later, Google will want to mine the data for advertisement purposes. ("Here's the menu for a new fitness studio that has just opened along your jogging route. Press Yes to sign up for 12 months, press No to get a free three-month pass that will change to a subscription unless canceled.")

Once Google stores the data, it will be easier for the government to get to.

Oh, and present efforts to require telephone providers to keep a call log can easily be extended to these kinds of services.

Or am I being to pessimistic?

ytMarch 16, 2009 12:10 PM

It's not as if the government needs to go through Google to track your location based on your mobile phone. They can get the same information directly from the telecommunications providers, who have already demonstrated their willingness to cooperate, and who are immune from prosecution.

So while it's great that Google is not willing to share your whereabouts, you still have a tracking device in your pocket if you carry a mobile phone.

ToddMarch 16, 2009 12:16 PM

@yt

Amen brother! (-;

Google Latitude is a non-issue. Simply carrying a cell phone gives others the ability to track you. And to those who are worried about Google sharing your data or sending you ads, the answer is to stop using google, or accept that fact that a "free" service is not really free.

JohnMarch 16, 2009 1:02 PM

"the government needs to get a wiretap order. That's even tougher to get than a search warrant."

That mistakenly presumes that the government goes through with obtaining the order / warrant in the first place.

In America, we shoot first and ask questions later.

I, like the government, see it as no impediment whatsoever.

Just cry "Terrorism", and all is forgiven.

Davi OttenheimerMarch 16, 2009 1:04 PM

Does it really prevent law enforcement from using an API? Google says Latitude doesn't have support for them (yet), but the data seems to leak easily via other products.

bobMarch 16, 2009 1:50 PM

Just wondering what the jingoistic hierarchy is? (kind of like when a treehugger sees an endangered animal eating an endangered plant)
a) the children
b) drugs
c) terrorism
If I can get "b" but have to forfeit "a", does that parse? How about a+b > c? I mean if a wiretap will convict a terrorist but expose a child to suffering which wins out?

ytMarch 16, 2009 3:41 PM

@bob: speaking from personal experience, C trumps A... unless you can think of some reason a 5-year-old deserves a SSSS boarding pass.

Clive RobinsonMarch 17, 2009 12:41 AM

@ bob,

"I mean if a wiretap will convict a terrorist but expose a child to suffering which wins out?"

Forget any idea of a "jingoistic hierarchy" you just need to answer the question

"What gets me (or my boss) the next grade up"

According to a number of UK "press items" Senior Police Officers in the UK have received financial incentives from their political paymasters. Apparently this is to encorage those "below them in the hierarchy" to meet certain "targets" set by the political paymasters policies (ie getting tough on paperwork etc).

That is the "boss" gets a "nice little earner" if the "boys on the beat" concentrate on filling out "paperwork" to show that "whatever crime the current political focus is on" has dropped...

So at best UK Police officers spend over 50% of their time filling in Government target forms and other incidental paperwork which most "citizens" would not consider "Proper Police work".

And the rest of what remains of an "officers" time (after "paperwork") concentrating on one sort of "Political face saving" crime or another, over crime that the officer knows actualy hurts the "citizen" more.

Oh and the same Politico's who are giving the "Boss" the "nice little earner" have renaged on an agreed pay deal with the ordinary "rank and file" Police officers.

And these same Politicos wonder why the "rank and file" Police officers have low moral, and the most experianced (and usually most effective) officers want to "get out" of the "force"...

Michael SeeseMarch 17, 2009 5:15 AM

@nicko:

"Of course what they really should have done is construct a decent cryptographic security model . . ."

If only we knew someone who was really good with encryption . . . :)

GrahamSMarch 18, 2009 9:29 AM

I can see it now...

Ring Ring.

"Good morning Mr S, this is an automated DVLA service, we note that your mobile phone is currently travelling at 85mph along the M4, you have therefore been fined £60 and three points will be added to your licence. Please send you licence to DVLA within 10 working days. The fine will be added to your next phone bill.

We also note that your phone is not connected to any handsfree device, this will incurr a further £60 fine and another 3 points.

If you are a passenger in a car you have 48 hours to inform of us of the driver details.

Thank you"'..

Click...


StephanieMarch 19, 2009 11:32 AM

Warrantless eavesdropping? Terror labels? Wow, all this time I thought they were monitoring for training and quality purposes because they care about our online/phone experience?
Slapping forehead.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..