A System for Locating Mobile Terminals with Tunable Privacy

Journal of Theoretical and Applied Electronic Commerce Research, Aug 2007 by Bessler, Sandford

1.2 Contributions of this work

An efficient location service based on triggered location updates is the prerequisite for the location privacy work. Our main contribution is the design of a simple system that allows mobile users to define own location zones and to manage their disclosure to buddies, groups and external watching applications.

The presented model has several benefits with respect to the achieved privacy:

* the user discloses geographically isolated zones making tracking more difficult

* in many supported scenarios the location information is abstracted to a name instead of real geographical data, limiting the usage of the data by the watcher for further processing

* by selecting the zones and their size, the localized user has a fine control of his privacy towards individual watchers: that is what we mean by tunable privacy

* finally, the usability is increased, since it is easy for the user to understand the effect of his configuration actions

The rest of the paper is organized as follows: Section 2 describes the discrete zone model, Section 3 explains in details the interactions and the standards used, Sections 4 presents different model extensions for external both trusted and non-trusted services and discusses possibilities for performance optimization, section 5 reviews related work, and finally section 6 presents conclusions and considerations for future work.

2 Location semantics and zone management

With the exception of pure tracking applications, useful location information consists of the name of the place the user is in. Our model is therefore based on discrete location areas we call "zones", between which the user moves in his daily life, for example home, office, gym, parents-home, supermarket, etc. For community applications, the names of these zones are meaningful only for the person herself, for her friends and family, or denote public places such cinemas or shops. The main idea of tunable location privacy is the fact that a user defines a number of "zones" and decides to disclose them selectively to trusted users from his address book (buddies). Outside these zones, the user cannot be localized.

Besides the discrete character of zones, the location accuracy varies with the size of the circle or polygon around that location: for example a zone can be defined as fuzzy as the whole city area in which the person lives. Even this information is sufficient since it allows colleagues to know whether the user is traveling or not, and it enhances his privacy !

In order to exchange location information two users have to establish a trust relationship. Technically, this leads to following two steps:

First, he has to add the other user to his contact list (similar to the popular VoIP and IM systems). Second, he has to associate a number of previously defined zones to that contact, meaning that the latter can query or be notified whenever our user reaches any of these places. It is a simple metaphor the user can understand and verify anytime.