Ontario Privacy Commissioner Ann Cavoukian has released a new report, “Wi-Fi Positioning Systems: Beware of Unintended Consequences” (OPC pdf; archive pdf). Here’s information from the executive summary:
Smart mobile devices are required to perform a multiplicity of tasks: they operate via sophisticated geo-location software that enhances the end-user’s mobile experience through a wide range of services relying on the device’s location. To deliver these location services with greater speed and accuracy, Wi-Fi positioning systems (WPS) were established that rely on wireless access points for location coordinates. For the proper functioning of a wireless architecture, IEEE Project 802 defined a standard which assigns a Media Access Control (MAC) address to local area network devices. A wireless access point such as a router will be given a unique MAC address, as will Wi-Fi equipped laptops, mobile phones and even printers. An important and necessary feature of the MAC address, for the proper functioning of a wireless communications network, is that it be visible in communicated data frames, whether or not the wireless network is encrypted. In a WPS, the MAC address for a Wi-Fi access point becomes an index for a geo-location reference point. Companies known as location aggregators are building and/or maintaining databases of the MAC addresses of these Wi-Fi access points for commercial purposes, and provide access to third parties interested in location-based applications and advertising.
In this paper, we explore the identity and privacy issues that could arise from the unintended uses of the MAC address. Since the MAC address was designed to be persistent and unique over the lifetime of a Wi-Fi device, in a WPS, it identifies Wi-Fi devices that are closely associated with individuals – not only stationary routers, but personal laptops and mobile phones. When a unique identifier may be linked to an individual, it often falls under the definition of “personal information” through that data linkage and carries with it a host of regulatory responsibilities. The associated privacy issues range from lack of knowledge or consent of the mobile device owner for the use of the unique identifier, the possibility of unauthorized disclosure to third parties, or potential uses for secondary purposes.
The following observations and suggestions are made:
- Privacy is predicated on providing individual mobile device users with personal control, alongside openness and transparency on the part of the provider;
- In no case should the MAC address of an individual’s mobile device be collected or recorded without the individual’s consent;
- Privacy by Design is now the International Standard for privacy and should be considered at the outset, for a doubly-enabling outcome; therefore, engineers should use Privacy by Design as a standard to ensure that privacy is embedded into the architecture of various technologies and systems;
- When designing technical architecture, the potential for possible unintended uses should form part of a privacy threat/risk analysis;
- We must research and think creatively to find ways to embed privacy into Wi-Fi protocols that can randomize MAC addresses or ensure privacy through a proxy-like method of assigning addresses. Innovative solutions will be required to change the existing model of using persistent MAC addresses that remain uniquely bound to a mobile device.
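To make the two mechanisms in the summary concrete (the MAC address as a database index for a WPS lookup, and MAC randomization as the countermeasure the last point calls for), here is a small worked example. It is added here and is not code from the Commissioner's report or from any location aggregator. The access-point database, coordinates and sighting log are constructed for the example; the weighted-centroid estimate is one simple positioning method, not the proprietary algorithm any particular WPS uses. The locally-administered and multicast bit positions in the first octet are the standard IEEE 802 ones.

```python
"""Added example: toy Wi-Fi positioning lookup keyed on MAC, plus MAC randomization."""
import secrets

# Constructed sample aggregator database: access-point MAC (BSSID) -> (lat, lon).
# Coordinates are made up for this example.
AP_DATABASE = {
    "00:11:22:33:44:55": (43.6532, -79.3832),
    "66:77:88:99:aa:bb": (43.6540, -79.3820),
    "cc:dd:ee:ff:00:11": (43.6525, -79.3845),
}


def normalize_mac(mac):
    """Canonical lower-case colon form; also accepts 'AA-BB-..' and 'aabb.ccdd.eeff'."""
    hexdigits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def wps_estimate(scan):
    """scan: list of (bssid, rssi_dbm) as seen by a client.  Returns (lat, lon) or None.

    Weighted centroid of the known access points: RSSI is converted from dBm to a
    linear power so a -40 dBm AP outweighs a -80 dBm AP by 10^4.  BSSIDs that are
    not in the aggregator database contribute nothing.
    """
    lat_sum = lon_sum = weight_sum = 0.0
    for bssid, rssi in scan:
        coords = AP_DATABASE.get(normalize_mac(bssid))
        if coords is None:
            continue
        weight = 10 ** (rssi / 10)
        lat_sum += weight * coords[0]
        lon_sum += weight * coords[1]
        weight_sum += weight
    if weight_sum == 0:
        return None
    return (lat_sum / weight_sum, lon_sum / weight_sum)


def link_sightings(sightings):
    """sightings: list of (client_mac, place).  Returns {mac: set_of_places}.

    This is what any observer of the (unencrypted) MAC field can correlate: a
    persistent address collapses every sighting of one device into one trail.
    """
    trails = {}
    for mac, place in sightings:
        trails.setdefault(normalize_mac(mac), set()).add(place)
    return trails


def random_local_mac():
    """Random 48-bit address with the locally-administered (U/L) bit set and the
    multicast (I/G) bit clear, i.e. first octet & 0x03 == 0x02."""
    octets = bytearray(secrets.token_bytes(6))
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


def is_locally_administered(mac):
    """True for a unicast address whose U/L bit is set (what randomized MACs use)."""
    first = int(normalize_mac(mac).split(":")[0], 16)
    return (first & 0x03) == 0x02


if __name__ == "__main__":
    # A client scan (constructed): one database AP heard strongly, one unknown AP.
    print("estimate:", wps_estimate([("00:11:22:33:44:55", -40), ("ff:ee:dd:cc:bb:aa", -50)]))

    # Persistent MAC: two sightings in different places become one linked trail.
    persistent = "aa:bb:cc:dd:ee:ff"
    print("persistent:", link_sightings([(persistent, "cafe"), (persistent, "office")]))

    # Per-session randomized MACs: the same two sightings no longer share a key.
    print("randomized:", link_sightings([(random_local_mac(), "cafe"),
                                         (random_local_mac(), "office")]))
```

Note what randomization does and does not buy: it breaks the trail keyed on the client MAC, but the access-point MACs in the scan still resolve to a position, so the WPS lookup itself is unaffected. Randomizing only per session also means a device is still linkable for as long as it keeps one address, which is why the summary asks for the address-assignment model itself to change rather than a one-off fix.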