Darren Waters

Google 'puts spy in your pocket'

  • Darren Waters
  • 5 Feb 09, 13:16 GMT

It's a great headline, made all the more punchy by its place on the front page of yesterday's Metro newspaper.

Metro newspaper on GoogleBut is Google really putting a "spy in your pocket"?

The search giant has long been a soft target for journalists keen to warn about Big Brother culture, and every step it takes is closely monitored by those who are concerned that the firm has too much of a stranglehold on our data.

So what has Google done this time? Quite simply, it's joined a growing number of firms that offer geolocation services using a combination of GPS and user input.

Latitude is a service that allows you to share your location with friends using your computer, or the GPS that comes built in with many of today's smartphones. It can also triangulate using mobile phone towers, and using wi-fi hotspots.

You can see the location of your friends that have opted in, while they can see yours, using Google Maps on your phone or on your computer.

Other firms are doing something similar. Fire Eagle is Yahoo's cross-platform geo-service (developed, incidentally, by ex-BBC man Tom Coates), while you can also use BrightKite or Loopt to do something similar.

Advocates of these tools see them as a natural extension of services like Twitter, or social networking.

So Google is not exactly breaking new ground here - just joining a growing number of companies trying to exploit the combination of mobile computing power and location-aware devices.

Metro quotes a well-respected privacy expert - Simon Davies of Privacy International.

Mr Davies has long voiced his concerns about what he sees as a lack of rigour in Google's security systems and the danger of its near-monopolistic position in some markets.

He shrugs off Google's defence that Latitude is opt-in - it's up to you whether you want to share your location - by saying that peer pressure will force many to join.

I don't think that Google can be blamed necessarily for peer pressure, however.

But Privacy International also says it has identified a security flaw in Latitude.

It says: "After studying the system documentation, PI has determined that the Google system lacks adequate safeguards to protect users from covert opt-in to Latitude's tracking technology. While it is clear that Google has made at least some effort to embed privacy protections, Latitude appears to present an immediate privacy threat."

latitudeIt says there are clear scenarios when the reciprocal authorisation system employed by Google's Latitude (eg I want to share my location data with you, and you want to share your location data with me, and we both agree to do so) can be exploited:

 • An employer provides staff with Latitude-enabled phones on which a reciprocal sharing agreement has been enabled, but does not inform staff of this action or that their movements will be tracked.
 • A parent gifts a mobile phone to a child without disclosing that the phone has been Latitude-enabled.
 • A partner, friend or other person gains access to an unattended phone (left on a bar or in the house) and enables Latitude without the other person's knowledge.
 • A Latitude-enabled phone is given as a gift.
 • A phone left unattended, for example with security personnel or a repair shop, is covertly enabled.

These are, of course, human failings rather than technological. Privacy International is seeking a further layer of technological security to the authorisation process.

Fire Eagle, for example, can be set up to be re-authorised every few months or so.

Latitude does also allow users to mask their location, and even control how accurate it is.

The story here is less about Google, to my mind, and more about the imperative for everyone in society to grapple with the implications surrounding technology and privacy, especially when it is moving so quickly.

And I've been trying out services like BrightKite for a while now to try and get my head around those implications.

I can be found - quite literally - on BrightKite here.

PS: In the video below, you can see a Google product manager demonstrating Latitude.

In order to see this content you need to have both Javascript enabled and Flash installed. Visit BBC Webwise for full instructions. If you're reading via RSS, you'll need to visit the blog to access this content.

PPS: In case anyone was wondering why my posting to has been so dismal of late, I've actually been away from Technology for almost six months on a few side projects with the BBC. I'm back in the wi-fi-enabled saddle from the middle of this month. My thanks to Rory and Maggie for doing such an excellent job with the blog in my absence.


  • Comment number 1.

    It has an off switch. Therefore no problem.

  • Comment number 2.

    I've already installed this on my phone and will be recruiting friends and family when I get home.

    And thanks for obligatory mention of Twitter, i'm not getting bored of hearing it in these blogs at all.

  • Comment number 3.

    My privacy concern is that in order to share my location with friends I will also be sharing my location with Google. Not that I don't trust Google, but I trust myself more than any 3rd party and technology ought to allow me to share my location without needing a 3rd party.

  • Comment number 4.

    I have a feeling that the Privacy International people haven't actually used Latitude. It doesn't work the way they think it works.

    I guess by "covertly enabled" they mean Google Maps 3 has been installed and Latitude activated without the phone owners knowledge - it's pretty damn obvious when Latitude is activated as an icon representing you is displayed on the map when it's activated. When you exit google maps it asks you if you want to keep sharing your location with latitude. On a Nokia N95, when latitude is running but maps isn't, the Google Maps icon in Applications still displays as active. If you do notice Latitude running (and you'd have to be fairly oblivious not to notice it running), it's fairly easy to turn off - it's not some form of hidden spyware that the phone owner has no control over. I doubt anyone "covertly enabling" Latitude on somebody's phone would get much out of it for very long.

  • Comment number 5.

    I think it's brilliant. The privacy parade should really find something better to do with their time. If I want my friends (and note it's only my friends who can see it) to see my location, then why shouldn't I?

    As soon as I saw this on the news this morning, I immediately upgraded my version of Google Mobile Maps and duly enabled the feature for a bit of fun.

    Note - I had to enable it, it wasn't on by default.

    Stop complaining and get a life! ;-)

  • Comment number 6.

    PS. Are all comments automatically flagged as requiring moderation now?

  • Comment number 7.

    If you make a call or send a Txt from any mobile phone, the billing company knows your location as well as duration of call, time of day etc.
    The police have used this information to attempt to identify who was in a specific area, at a specific time, in murder invstigations.

    Having had a phone nicked I want:
    a) To either know either exactly where it is so it can be recovered or
    b) Have a switch that can make it self-destruct in their hand.

  • Comment number 8.

    Problem is not with Google per se but with lack of controls on how info is collected and used. 4 areas of partucular concern:

    1. As earlier post suggested, cell phone companies can already track fairly closely, and often more so as many people don't even realize basic GPS locator is commonly turned on by default. In the US, it is always on for police/emergency service calls. Even if service is off for other calls, you can be tracked about as close as Latitude by cell service provider. Phone companies have shown themselves willing to turn this info over to authorities on mimimal pretext, and there is little control over what they do with that info other than voluntary standards.

    2. "Turning off" Latitude and other such services assumes the provider actually allows you to do so, as opposed to simply stopping sending the info to your friends or whoever. This comes down to trusting these folks with no good way to verify. On the other hand they will have strong marketing incentives to track and make that data available.

    3. There could very well be enourmous pressure put on employees to carry devices with such services turned on, including potential job loss on refusal. As technology improves accuracy, we could see some companies using this data to even do things like count trips and time spent on restroom and watercooler breaks. Do you really want your boss [or his boss's boss] looking over your shoulder like that ?

    4. Google and others are under very limited regulation re: how they use and share this info. I for one trust them only to do what they perceive to be in their own best interests. This likely includes significant privacy protection for Latitude to get people to use it. However, there is no garuntee this will continue in the future.

    Widespread use of this technology opens up an enourmous can of worms for potential privacy violations in the future. Right now if you use such a service you have to assume that 100% of the data collected will be permanently retained, and eventually made available to the people you would least like to have it. That may not happen, but it is very possible and one would be foolish to assume otherwise.

  • Comment number 9.

    Just a bit more on how mobile phone technology works and reveals your location. For a mobile phone company to know your location doesn't require a phone with a GPS locator. Just switching on any mobile phone reveals your location. (It has to or it doesn't work.) How the information is stored etc data protection, privacy etc is another can of beans completely.

    The mobile operator divides up the city into areas (cells), each area is typically sized at about 10 square miles.
    Each has a base station or transmission tower, often not visibly obvious. A typical large city can have hundreds of transmission towers to pick up and transmit your call; this is because mobile phones have low-power transmitters in them. Each mobile operator has around 800 frequencies to use. Because mobile phones and base stations use low-power transmitters (the signal doesn't travel as far as radio signals), the same frequencies can be reused in non-adjacent areas.
    As you call/Txt/mail/use Internet etc the carrier knows which cell your phone is in, and when you move into another cell, also if it has to transfer you to another frequency in order to continue the call, this also is logged.
    Clearly they'll (their equipment to be exact) also knows the number/URL/IP your phone is connecting with. Each operator also has to operate a central switch board in each city to transfer calls between base stations as you move around, from your mobile to a land line number and also to other operator networks.
    When you switch on your phone it scans for a control channel. The control channel is a special frequency that the phone and base station use to exchange information about your phone's pay plan and frequencies - if you get a 'No signal' message this means a) you're out of range b) it can't locate the control channel or c) your phone is damaged.

    If you move into an area covered by another service provider (called roaming), but not your provider, the call is simply passed to and handled by the other provider, they co-operate - and also charge each other; one reason for all this logging. If you're in a car, your call is simply passed along base stations and operators - like a rugby ball. (One reason why not all operators handle international calls, and those that do charge a small fortune.)
    I imagine as WiFi etc becomes more widespread (tech convergence) then cities will be chopped into smaller and smaller areas; so knowing your specific location - to the nearest 100yds - will become possible.

    At the point your phone locates the control channel, theoretically your mobile phone company knows your whereabouts, or at least which area (cell) you're in. It certainly does as soon as you use the phone. I suspect though that it only logs phone usage, however tracking - in order to locate stolen phones - is likely to be become more common. I understand it already happens.

    In America a law, Federal e911, requires that your cell phone carrier has to be able to provide your location information if a 911 call is made.
    You can download tracking software to your mobile phone so you can track it on your PC if it is stolen. (Make sure no one installs it on yours without permission.)
    Motorola is introducing a phone that enables parents to track their children. There are others.)

    But wait until this mobile device data is mashed with Facebook/Twitter/*this blog* etc etc - to let you know the location of other users, so you can suggest meeting up with those close to you - or you can track them (and they you) on Google maps etc, or your employer (or partner!) can track your movements, even out of work.

    There are some serious concerns here.

  • Comment number 10.

    As has been noted, mobile operators already know where their customers are at all times, as long as the mobile is turned on (technically, in some cases that I dare not describe here, even when it's off but as long as it has battery charge left).

    It seems to be something we need to live with, because currently it's technically impossible to operate the mobile network any other way.

    I even agree with our location being shared with the authorities if that means that our streets become safer as a result.

    But 'value-added' services by 3rd parties are a different matter. Sharing that kind of private information with massive for-profit organisations is way beyond what I find reasonable.

    For these kind of services, anything short of encrypted communication directly between my device and the devices of my friends will not cut it for me.

  • Comment number 11.

    10. At 06:08am on 06 Feb 2009, NoNameBoy wrote:
    As has been noted, mobile operators already know where their customers are at all times, as long as the mobile is turned on (technically, in some cases that I dare not describe here, even when it's off but as long as it has battery charge left).


    No, please do describe it here. How on earth can my network (or anybody else) track my phone when it is switched off, short of installing an RFID tag and standing right next to me?

  • Comment number 12.

    Well this stuff seems to be public domain anyway:

    So basically, the mobile operator can update the software on your phone without your knowledge (over-the-air firmware update) and turn the phone into a remote snooping device that can transmit not only location but also voice even when it appears to be switched off ('appears' is the key word that answers your question).

    The truth is that, as long as the battery is in the device you can never be too sure if it is really switched off or not.

  • Comment number 13.

    Following on from the link in NoNameBoy's post #12
    "Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set."
    Factually the above is correct; I've set the alarm clock on mine, then switched the phone off so as not to be disturbed, and been woken by the alarm sounding; so presumably some power is used to maintain functions such as date/time (as on a PC motherboard) etc. (I'd be interested to know what other background programs are also running.) So I imagine to could be turned into a transmitter.

    On the geolocation topic, I've come across a free software app (Psiloc’s Where I Am) for Nokia 3600s that lets you set an alarm that goes off when you reach a certain destination (don't worry about falling asleep on a train again), even if the phone is switched off, changes the phone settings if you enter certain buildings (switch from alarm to vibrate if you enter a hospital for example) and even automatically send a SMS letting people know your approaching them!

    On privacy, I understand that high street shops that sell surveillance equipment can supply eavesdroppers that let 3rd parties overhear conversations from phones within a certain range.
    Laptops and other WiFi devices are also now coming equipped with tracking software as means of attempting to recover stolen ones.

  • Comment number 14.

    "An employer provides staff with Latitude-enabled phones on which a reciprocal sharing agreement has been enabled, but does not inform staff of this action or that their movements will be tracked."

    Surely a more probably scenario is that an employer provides staff with the phones, tells them, but doesn't give them the option of removing it. I am not sure what the legal situation is, but few are going to make a fuss about it.

  • Comment number 15.

    isn't this pretty much standard on most gps phones once you download Google maps, but it's easy to switch off



The BBC is not responsible for the content of external internet sites