Hello,
I'm very glad to find this group, which covers one of the most interesting
and important topics of today. Currently, I'm doing some research on privacy
issues of location-based services. I would like to participate in this group
and to contribute to a common understanding of this topic. Actually, I have
two contributions:
1) Reading the literature, I was wondering if it could help to clarify
what exactly we think of when talking about "location". My proposal would be
that "location" is a certain place (on earth?), which has several
"representations", e.g. a coordinate or a symbolic representation like "The White House".
Within certain user groups, these representations are well known and thus
equivalent to a location (the meaning of a WGS84 coordinate is nearly globally
known, the exact place of "The White House" is known by a certain group of
people, too), whereas some groups do not know (exactly) the corresponding place (some
people only know the rough area "The White House" is situated in).
Moreover, thinking of user identifiers including location representations
(like "president@whitehouse.gov" or an IP address), these can be linked to a
more or less exact place dependent on the attacker's knowledge (e.g. knowledge
of the IP address topology). Apart from that, some identifiers reveal just
the location of the user with regard to network topology (e.g. the home network
"whitehouse.gov") but not the geographic location of the user.
2) From our point of view, the degree of danger raised by disclosure of
location information primarily depends on two parameters regarding user privacy.
The first and most obvious one is the granularity (precision, resolution) of
the location information, which is a kind of entropy of this information.
The second parameter, which we rate as of at least the same importance, is the
information which can be linked to the disclosed location information. Regarding
tracking of a user ("target"), this can be seen as the identity information
bound to the revealed location information, e.g. the user's real name, a
pseudonym, a role (pedestrian, member of a certain group). Moreover, it can also
be any other information known about the target. E.g., if the tracked target
is my cell phone or PDA, it is usually located where I am, thus disclosing my
location, too. Thinking of my car being tracked, then I am likely to be, too
(at least if it is moving), but inference of my location is much more
imprecise than regarding my cell phone.
Thus, in my opinion we do not only need to consider the location
information, but also other information about the target linked to this location
information. These are two parameters to adjust the overall entropy of the
information. For example, somebody knowing my exact location may not be allowed to
know my exact identity (just perhaps a pseudonym) and somebody knowing my exact
identity may not be allowed to know my exact location (neither that of my
cell phone). Therefore, we need to control the accuracy of location information
as well as the amount of identity information that can be linked to the
location information.
Does anybody agree with my theses?
Best regards
Christian Hauser
Institute of Communication Networks and Computer Engineering
University of Stuttgart, Pfaffenwaldring 47, 70569 Stuttgart, Germany
Received on Thu Jul 12 03:52:24 2001
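An added example, not part of the original message: a minimal disclosure filter that treats location granularity and linked identity as two coupled parameters, as point 2 proposes, so that asking for a more identifying label forces a coarser position. The rank lists, the budget value, the function names and the sample target are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

# Assumed orderings, least to most revealing; labels follow the post's examples.
IDENTITY = ["role", "pseudonym", "real_name"]
# (name, decimal places kept in a WGS84 coordinate) -- an assumed mapping.
GRANULARITY = [("region", 0), ("city", 1), ("street", 3), ("exact", 5)]
BUDGET = 4  # assumed cap on identity rank + granularity rank


@dataclass(frozen=True)
class Target:
    real_name: str
    pseudonym: str
    role: str
    lat: float
    lon: float


def coarsen(value: float, decimals: int) -> float:
    """Snap a coordinate to the lower edge of its grid cell (floor, not round),
    so every point in one cell maps to the same disclosed value."""
    step = 10.0 ** -decimals
    return round(math.floor(value / step) * step, decimals)


def disclose(target: Target, identity: str, granularity: str,
             budget: int = BUDGET) -> dict:
    """Release the requested identity label, degrading location precision
    until identity rank + granularity rank fits within the budget."""
    id_rank = IDENTITY.index(identity)
    wanted = [name for name, _ in GRANULARITY].index(granularity)
    allowed = max(0, min(wanted, budget - id_rank))
    name, decimals = GRANULARITY[allowed]
    return {
        "identity": getattr(target, identity),
        "granularity": name,
        "lat": coarsen(target.lat, decimals),
        "lon": coarsen(target.lon, decimals),
    }


# Constructed sample target (not real data).
SAMPLE = Target("Alice Example", "user-7f3a", "pedestrian", 48.745127, 9.105238)

if __name__ == "__main__":
    print(disclose(SAMPLE, "pseudonym", "exact"))  # exact position, pseudonym only
    print(disclose(SAMPLE, "real_name", "exact"))  # real name forces street level
```

The budget only limits what one response links together; it does not stop a recipient from joining a pseudonymous exact fix with knowledge obtained elsewhere, which is the attacker-knowledge dependency raised in point 1.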