A System for Locating Mobile Terminals with Tunable Privacy

Journal of Theoretical and Applied Electronic Commerce Research, Aug 2007 by Bessler, Sandford

One of the practical problems encountered when using area notification was to infer the correct state "inside" or "outside", since the GPS signal fluctuates in urban areas or even disappears when the user enters a building. The outcome from the measurement sequence had to be stabilized through a hysteresis filter. We made experiments that started with "tagging" a place, mostly at the entrance of a building and then accessing this place from different directions and streets. The radius of the area has been varied between 30 and 75 meters and we measured a success rate of 85% in triggering correctly the entering and leaving conditions at different times of the day at walking speed. Figure 7 shows a map-based notification that pops-up when the presentity user enters the zone marked with the circle.

5 Related work

Location privacy mechanisms are a part of larger research topic, that of privacy enhancement techniques (a good overview of real privacy scenarios and mechanisms can be found in the deliverables of the IST PRIME project [8]). The work of the Geographic Location/Privacy (Geopriv) working group at IETF provides a quite generic and flexible framework in which our special mechanisms could fit as well (for a recent paper see [32]). Especially the selection of SIP as the "using protocol" between different entities of the Geopriv architecture (location server, location recipient, location generator) and the reuse of mechanisms encountered in the handling of presence are similar to our work.

Geopriv basically defines a Location Object capable to carry both location information and the policy rules for the distribution of this information. However, instead of general policies and authorization rules, we have described a simple zone notification mechanism with tunable privacy that covers many practical scenarios.

At the Columbia University, the use of SIP for location services has been investigated in several publications. Shacham et al. [30] describe different scenarios for location sensing and tracking, device control, emergency calls using the SIP protocol. Küpper and Treu [13] propose complex location update strategies in the mobile terminal in order to realize scalable Location Based Services.

Instead of regarding access control mechanisms to protect location information, Beresford [19] focuses in his Dissertation on a class of location applications, where privacy can be realized through anonymity and pseudonymity, and investigates the degree of anonymity a user still has if he moves in a so called mixed-zone, i.e. between zones in which applications may track him.

Finally, a group of works investigate the use of policies and policy languages such as XACML, P3P etc. to express more complex rules for the protection of user privacy in general and location privacy in particular. Marc Langheinrich [15] describes pawS, a privacy awareness system for ubiquitous computing environments. In paswS, when the user enters an environment in which services are collecting privacy relevant data, a privacy beacon announces the privacy policies of each service, and the interaction with the user privacy policy is similar to that specified in P3P. Myles et al. [17] describe a location server in which so called validators check privacy policies and preferences against application requests to disclose user location and in this way automate the privacy management.