Mobile Location Based Service user privacy (commercial issue)

From: Alex WANG JiaYi <alexw@starhub.com.sg>
Date: Thu Jul 19 2001 - 04:55:43 EDT

Hi there,

I just got to know this WG. It is really great to share ideas here.

I am raising a question from commercial/legal perspective on Mobile Location
Based Service (LBS) user privacy issue. The location information disclosure
due to technical problem (hacker attack, etc.) may not be relevant and
touched here.

All the parties involved here include User(s), Mobile Network Operator
(MNO), and LBS Application Service Provider (ASP). My concern is on the
relationship and privacy issues among User, MNO, and ASP.

First, I would like to define all the relevant parties in LBS chain.

User(s) include both the user whose location is requested by other parties
and the user requesting the location of other users.

Mobile Network Operator (MNO) is defined as the owner and operator of mobile
network. It has the technical capability to locate its mobile
users/subscribers. MNO could also provide some LBS Applications/Services.
MNO will be the party to ensure that the location information of a User is
not abused so as to protect user privacy as well as to protect itself from
legal issue since it physically controls and provides the user location
information.

LBS Application Service Provider (ASP) is defined as the service provider
that utilizes the location of users to deliver service. If it is not
specifically stated, ASP does not include the ASP function carried out by
MNO.

My question is how MNO can ensure the end user location information is
respected and protected and not abused by ASP.

I give an example as follows.

The user wants to find his own location.

The user enters a new city and is not sure about the
surrounding environment. He thinks he will be feeling safe/comfortable if he
knows his location. Thus, he checks with his MNO, requesting his own
location to be delivered to him.

This sounds simple and straightforward. But there is the
tricky part here. If the service is provided by MNO, MNO will ensure that it
will carry out the positioning only upon request. But if an ASP other than
MNO provides the service, how does MNO ensure user privacy? Say the ASP may
tell MNO to locate John. But actually John did not request for this. The ASP
just did this out of curiosity or some other reasons. Another privacy issue
is that every time John requests his own location, the ASP may keep a record
for some reasons, say, just for fun or selling it to third party. The user
and MNO may not know all these. One day when the user gets to know this, he
is likely to sue both ASP and MNO, as MNO is the one who provided user
location information to ASP.

Things become more complicated when more than one user is involved. Say
parent wants to know whereabouts of his/her daughter. A guy wants to find
his buddy. Boss wants to know the location of his/her employee.
In those cases, shall MNO keep all the Location-related user profiles under
its own control or keep a mapping record of the user profile of different
applications? But it is difficult for MNO to keep all the Location-related
user profiles. First, there could be dozens of applications provided by ASP
as the LBS becomes popular. And it is not efficient as well. For example,
User A tries to locate User B by Application Zero. Since the profiles are in
both ASP and MNO, first Application Zero checks its database and finds A has
the right to locate B. Thus it gives green light to A. Then the Application
Zero interrogates MNO for B's location. Once again, MNO has to check its
mapping database of Application Zero to grant permission. Second, the
Location-related user profile is highly dynamic. For example, an employee
agrees that his boss can locate him from 9am to 6pm, Monday to Friday. But
somehow on one Thursday, the employee is allowed to knock off at 3pm. So he
changes his Location-related user profile at ASP side. How does MNO know the
change? Shall MNO ask ASP to export all these changes all the time to it?
Once again, this is not efficient and cost is high.

My point is that it is not advisable for MNO to control all the
Location-related user profile in different applications. As this is not
efficient and incurs a lot of cost when there are a lot of LBS applications.

Then, how to protect MNO?

Is it enough just to sign an agreement with ASPs, stating that they can only
request for the location of the right person at the right time with the
right authorization and the location information will be guarded and not
released to third party?

By signing the agreement, it seems that MNO can push aside the legal issue
to between ASPs and Users. However, by doing so, MNO is still in a
vulnerable position. Whenever there is a location request of its subscriber
from an authorized ASP (with the aforementioned agreement signed), MNO will
provide this information, although the location request may be illegal. So,
is MNO 100% safe here?

I would appreciate if you may share your idea with me.

Thank you.

Alex WANG Jiayi
Mobile, StarHub Pte Ltd
51 Cuppage Road, # 07-00 StarHub Centre, Singapore 229469
Tel: (+65) 825 5547
Mobile: (+65) 9004 0768
Email: alexw@starhub.com.sg

Received on Thu Jul 19 11:59:27 2001
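
Added example, not part of the original message: a small Python model of the double check the post describes (profile held at the ASP, mapping copy held at the MNO) and of what happens when the employee's one-day change reaches only the ASP. `Window`, `ProfileStore`, `locate`, `sync` and the `asp_enforces` flag are hypothetical names; the date and times are constructed sample values.

```python
from dataclasses import dataclass
from datetime import date, datetime, time

@dataclass(frozen=True)
class Window:
    weekdays: frozenset          # 0 = Monday ... 6 = Sunday
    start: time
    end: time
    def covers(self, when):
        return when.weekday() in self.weekdays and self.start <= when.time() < self.end

class ProfileStore:
    """Location-related user profiles: a standing rule plus per-day changes."""
    def __init__(self):
        self.default = {}        # (requester, target) -> Window
        self.override = {}       # (requester, target, date) -> Window
    def allowed(self, requester, target, when):
        window = self.override.get((requester, target, when.date()),
                                   self.default.get((requester, target)))
        return window is not None and window.covers(when)

def locate(asp, mno, requester, target, when, asp_enforces=True):
    """Return (asp_ok, mno_ok, released); mno_ok is None if the MNO is never asked."""
    asp_ok = asp.allowed(requester, target, when)
    if asp_enforces and not asp_ok:
        return asp_ok, None, False
    mno_ok = mno.allowed(requester, target, when)   # second check, on the MNO's own copy
    return asp_ok, mno_ok, mno_ok

def sync(asp, mno):
    """The export of profile changes from ASP to MNO that the post asks about."""
    mno.default.update(asp.default)
    mno.override.update(asp.override)

def scenario():
    office = Window(frozenset(range(5)), time(9), time(18))   # Mon-Fri, 9am-6pm
    asp, mno = ProfileStore(), ProfileStore()
    asp.default[("boss", "employee")] = office
    sync(asp, mno)
    thursday = date(2001, 7, 19)                    # constructed sample day (a Thursday)
    # Employee knocks off at 3pm and updates the profile at the ASP side only.
    asp.override[("boss", "employee", thursday)] = Window(office.weekdays, time(9), time(15))
    at_4pm = datetime(2001, 7, 19, 16, 0)
    results = {
        "honest_asp": locate(asp, mno, "boss", "employee", at_4pm),
        "stale_mno": locate(asp, mno, "boss", "employee", at_4pm, asp_enforces=False),
    }
    sync(asp, mno)
    results["after_sync"] = locate(asp, mno, "boss", "employee", at_4pm, asp_enforces=False)
    return results

if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(name, outcome)
```

Until the change is exported, the MNO's copy still says 6pm, so its check only protects the user when the ASP also enforces its own profile.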
