Spy/Counterspy

Jerry Leichter leichter at lrw.com
Sun Jul 11 15:40:07 EDT 2010 

On Jul 11, 2010, at 1:16 PM, Ben Laurie wrote:

>> Beyond simple hacking - someone is quoted saying "You can consider  
>> GPS a
>> little like computers before the first virus - if I had stood here  
>> before
>> then and cried about the risks, you would've asked 'why would anyone
>> bother?'." - among the possible vulnerabilities are to high-value  
>> cargo,
>> armored cars, and rental cars tracked by GPS. As we build more and  
>> more
>> "location-aware" services, we are inherently building more
>> "false-location-vulnerable" services at the same time.
>
> Most location-aware services should not care whether the location is
> real or false, for privacy reasons. Agree about the issue of
> high-value cargo (but I guess they'll just have to use more reliable
> mechanisms, like maps and their eyes), don't care about rental cars.
I have no clue what "most" location-aware services will be in a year,  
much less in five or ten years.  Sure, if you think that the dominant  
role for such services will be targeted advertising to people passing  
by storefronts, then it makes little difference if the location is  
wrong, except perhaps to the stores (and hence the viability of such  
services) if grossly incorrect information becomes commonplace.  But  
if the service is "find me the hospital I can get to fastest, given  
current road conditions", the cost of error may be rather higher.

Privacy is an entirely distinct issue.  At the least, services in  
which I compute something from my location and data I've pre-loaded  
for a reasonably large area - without ever revealing my location to  
someone else - have no privacy implications at all.  (Note that I've  
described the characteristics of most GPS units sold today.)  But it's  
easy to come up with examples where such a location-aware service  
becomes dangerously vulnerable - and perhaps dangerous - if it is fed  
incorrect location information.

How much and how often I share my own location information, under what  
conditions, and what I get in return, are all very much up in the air  
- though if we don't address them, they will default to "fairly  
precise location information, fairly frequently, with few usage  
restrictions, for little I want".  But the inherent vulnerability to  
falsified information is an inherent part of coming up with any  
valuable use of true information, no matter what privacy policies we  
agree on.
                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list