They Know Where You Are
New technologies can pinpoint your location at any time and place. They promise safety and convenience-but threaten privacy and security
The terrorist blast had destroyed the office building. Piles of glass and concrete littered most of a city block, the air was thick with dust, debris still smoldered. The police had no suspects but had already sent out an all-points alert. Then, when troopers pulled a van over for making a couple of risky lane changes, they found a pile of fertilizer sacks and an empty fuel-oil drum in the back. A duffel bag held a change of clothes, a small kit with a new razor and other toiletries, and a .45-caliber pistol. The truck had been stolen, and the driver wasn’t talking.
Within an hour, some 1000 km away, an FBI team walked into a Wal-Mart with pictures of the arrested man. One of the cashiers recognized the face. ”There were four of them,” she said. ”One of our regular customers said they were friends visiting from out of town—but that guy’s a loner. He lives out on County 15.”
This may sound like the start of a mediocre TV drama. But given recent events—and coming technical advances—it just might be a scenario pulled from tomorrow’s news. Here’s the rest of the story: a bit of microcircuitry called a radio frequency identification (RF-ID) tag was embedded within the package of razor blade cartridges in the suspect’s toiletry kit. The manufacturer inserted it into that package, and all others of its kind, to let retailers track inventory cheaply and conveniently. But because the tag carried a unique identifying code, the FBI could scan it, check it against a database, and then track down the store where the razor was purchased.
The future, in this case, is already here. This past January, the Gillette Co. (Boston) announced that it would purchase up to half a billion RF-ID tags to put on its Mach3 and Venus razors and razor blade packages. The tags, which contain chips that respond to an RF field from a scanner, are now being used in a test by Wal-Mart Stores Inc., by the UK-based grocery chain Tesco PLC, and most recently by Metro AG, Germany’s largest retailer, to determine whether the technology can streamline inventory management and save retailers billions of dollars a year in supply chain costs.
It’s not much of a stretch to imagine this relatively benign way of tracking goods being put to other, more dramatic uses. Indeed, RF-ID tags are only one example of a coming wave of wireless communications technologies that will be everywhere in the next year or two, merging location and time-related information.
The most spectacular of these will be large-scale systems that piggyback on cellular networks to locate any cellphone on the network—in other words, in the near future, your whereabouts won’t be a secret if you are carrying your cellphone. Other plans revolve around smaller-scale technology that will, for example, let you buy an item merely by pointing at it with your cellphone.
The commercialization of these technologies promises to make your life safer, easier, and more enjoyable by providing instant, personalized information. It might even save your life by helping rescue officials find you in an emergency, no matter where you are.
But these benefits will almost certainly cost you some privacy. In the case of the tagged razor blades, the loss will be small and incremental; with cellphone tracking, it could be substantial and potentially intrusive. So, in coming months, expect some clashes as watchdog groups, businesses, and governments try to find common ground and deliver the benefits of location tracking with the least possible intrusion.
The current push for location-based services in North America started in 1996, when the U.S. Federal Communications Commission (Washington, D.C.) passed its much-debated Enhanced 911 (E911) mandate. This rule, revised in 1999, requires wireless carriers to be able to locate, within 50 to 100 meters, any wireless phone calling 911, the U.S. nationwide emergency service number. The object is to let emergency operators pinpoint where a call comes from so that responders can find you if you don’t know your location, cannot speak properly, or get cut off. U.S. wireless operators currently have until December 2005 to comply with this proviso.
In the meantime, rollout of the capability has already begun in some places. Since late 2002, for instance, the entire Sprint PCS network has had an emergency locator capability. Another network, Cingular Wireless, has successfully tested a location technology in Wilmington, Del.
This location technology requires few modifications to cellphones. Location methods may, but often do not, make use of information from the Global Positioning System (GPS), the constellation of U.S. military satellites that are used to guide everything from bombs to ordinary passenger cars. Exactly how the location technology is implemented depends on the underlying cellphone network.
In Europe, the prevailing cellular standard is the Global System for Mobile Communication (GSM), which is also now taking root in the United States. For GSM networks, the location technology of choice is called Uplink Time Difference of Arrival. This technology depends on a form of triangulation: it requires at least three cellular base stations to receive a signal from the wireless handset, and then computes the location from the differences in arrival times of the three signals. Accuracy is best in urban areas of dense base-station coverage. The technique does not require that subscribers buy new handsets, and it does not affect network performance.
A drawback is that location measurement units costing as much as US $10 000 must be installed at each base station. The dominant cellular technology in the United States, time-division multiple-access (TDMA), also typically uses the Uplink Time Difference of Arrival method for determining location.
Meanwhile, code-division multiple-access (CDMA) networks, which is a spread-spectrum method of communications that is making inroads into TDMA, are turning toward a location technology called Assisted GPS, which, as its name suggests, makes use of the satellite network.
With this method, the wireless carrier or an independent GPS reference data-feed service sends ”hints” to the mobile phone via the network, using information from GPS receivers deployed at the various cell sites. These hints suggest the GPS satellites that will give the quickest fix on the position. These hints are particularly necessary when the phone is indoors and GPS reception is more limited.
A server and GPS receiver must be installed at each cell site, for a total cost of $2000 per site. A GPS receiver is also built into each handset. Accuracy is good outdoors, particularly in rural or suburban areas, where satellite signals can be received easily, but may be poor indoors, where satellite reception is obstructed, and in urban areas. Examples of networks using this technology include those operated by Sprint PCS, Verizon Wireless, and Nextel Communications.
The benefits of location technology aren’t limited to subscribers—it will also help wireless carriers improve their systems, by making every enabled handset an instrumentation probe. The handsets will be able to provide information on signal quality by geographic location, providing instant information on problem areas. Today, technicians gather that kind of information by driving to specific sample sites and making measurements, a time-consuming and inefficient solution.
For now, mandating mobile location service is strictly a North American phenomenon. In Europe, the 911 equivalent, 112, is currently available only on wire-line telecom networks, but beginning 24 July 2003, both wire-line and wireless carriers will legally be required to deliver location information on 112 calls—Enhanced 112 ( E112). There is no accuracy or technology mandate in delivering this capability; carriers need only do whatever is technically feasible for their network.
So most European Union wireless carriers will use Cell-ID positioning to fulfill these requirements. This very basic form of location technology uses the latitude and longitude of the cell site handling the call as an approximation of the phone’s position. The level of accuracy depends on the size of the cell site’s coverage, and varies from hundreds to thousands of meters.
Pay by phone
Though North America is forging the way in emergency aspects of cellular-based location technology, it is lagging behind Europe, and especially behind Asia, in commercial uses. For a glimpse of what’s to come, consider Tokyo, where a cellphone is, well, more than a cellphone. Sitting in your car, you can easily use it to get localized traffic updates, weather reports, street-by-street navigation assistance—and even find out the location of the nearest Starbucks [see diagram, "A Java App: Where's the Nearest Java?"]. Coming soon in various regions (for better or worse): you will be able to opt in for personalized advertising—instant notification, for instance, as you walk by your local drugstore, that your favorite brand of toothpaste is on sale.
Vending machines present another world of opportunity. Imagine being able to walk up to such a machine and buy something with a few keystrokes on your mobile handset. No bills or coins or ATM or debit cards are needed. All that is required is a network precise enough to recognize your location relative to the vending machine and a micro-billing system to debit your bank account or add to your cellphone bill.
Coming soon (for better or worse): opting in for location-based personalized advertising
To create a seamless, easy-to-use vending system that allows cellphone billing, however, the 50- to 100-meter accuracy of the coming cellular location technologies won’t be good enough. Trying to find out what is good enough, wireless carriers in Europe and Asia are running several trials using hybrid approaches such as toll-free numbers to call in machine identification information or scanners on vending machines for bar codes displayed on the phone screen [see diagram, "Park by Phone"]. But developing and implementing the infrastructure—the compatible vending machines and handsets, the more sophisticated location technology—won’t be cheap. And billing and roaming arrangements will be complex.
In the interim, however, a number of smaller-scale—and cheaper—technologies can position people and objects even more precisely than cellphone-based systems, but they work over much shorter distances—that is, from just a few meters to a few hundred meters.
Near instead of far
What good are they? Suppose you want to make sure your child doesn’t stray too far from you in a crowded store. Or suppose a hospital wants to know where the nearest doctor is. Or perhaps your smart house needs to know who is in what room so it can adjust the temperature settings to an individual’s personal tastes. Applications like these require precise, but short-range, location sensing.
One solution being considered for distances under a kilometer is ultrawideband, a technology that works by broadcasting many short data pulses over a wide spectrum of frequencies. It is a fairly simple technology to implement, and provides excellent accuracy in the range of half a meter to 10 meters. Potentially, it could be used up to hundreds of meters under current licensing.
In commercial applications, ultra-wideband receivers about the size of cigar boxes and costing, at this early implementation point, around $2000 could be positioned throughout a busy facility such as a factory or a hospital. The receivers would keep track of equipment and personnel, all of whom would be wearing small, low-power transponders not much bigger than poker chips and currently costing around $25 each. Parco Merged Media Corp. (Portland, Maine) currently offers hospitals a real-time location system similar to this.
Another ultra-wideband technology developer, Aether Wire & Location Inc. (Nicasio, Calif.), foresees its ultra-wideband ”localizers” as coin-sized transceivers, accurate to within a centimeter at a distance of 1 km, embedded in personal safety devices (that child in the mall again). The company also projects using the receivers for such mundane operations as inventory control systems, and for such futuristic ones as ”cybernetic servants” and autonomous vehicles guided by localizers placed along the side of a road.
Of course, lots of applications don’t need localizing nodes with real processing power. Consider a scenario in apparel retailing. A woman walks into a dressing room carrying a dress. She tries it on and looks in the mirror. Meanwhile, a terminal in the corner of the room displays the dress with a variety of accessories. It has identified the dress using a pinhead-sized tag incorporated into the garment’s label. This is exactly what Italian fashion designer Prada has operating in a dressing booth in a New York City store, where RF-ID tags are on all the clothing.
These RF-ID tags can be made much smaller and cheaper than ultra-wideband nodes, and they can be attached to just about anything. Each tag contains an antenna and a simple integrated circuit. It sends identification data in response to a query from a reader or scanner at distances of centimeters to meters. The tags can be passive, borrowing energy from the scanner’s RF signal to send their reply, or they can be active, with battery power and the ability to transmit their own signals. While the tags use security codes and encryption, they can be as small as Hitachi’s 0.4-mm2 chip. Originally designed to operate at around 134 kHz, today they work in frequency ranges extending as high as 5.8 GHz for longer-distance applications.
Manufacturers like Gillette, the Gap, Marks & Spencer, and Benetton are already integrating these devices into labels, weaving them into fabric, or embedding them in paper or bindings. They cost about 50 cents today, and there’s no reason why they can’t cost 5 or 10 cents in a couple of years.
In an antitheft application, the tags send position information to scanners, which in this case do not need to be in the line of sight. The scanning system records the information and can send an alert, for example, if the tag is not properly deactivated when an item leaves the store.
In more customer-friendly applications, the same technology might be used to drive electronic displays—like the one in the Prada dressing room—or advertisements displayed on your grocery cart. Retailers can consider including other data in their systems, like credit card limits and past purchases. They can employ other technologies, like e-mail alerts via your cellphone, to provide such services as an instant discount on accessories to go with that new computer you just bought.
Before we can enjoy these benefits, we’ll have to work out some prickly privacy issues. The thorniest, arguably, concern the fact that location technologies can theoretically create a trail of what you’ve been doing and where you’ve been doing it. And if investigators bother to correlate information from different databases, the picture could be quite detailed.
Who should be allowed to collect this data, and when does it invade your privacy? What are the ethics of sharing this information? Should your health insurer have access to the fact that you drink an average of half a bottle of vodka a day? Should your employer know that your call to say you’re too sick to come in to work came from a ski resort?
Someone with the ability to correlate large amounts of data—whether a business, health care provider, or government agency—might very well deduce more information from a system than was originally intended. Though database designers work hard to put checks in place, clever users who pose multiple questions always pose a threat.
For example, consider an electronic transponder-based toll collection business. This business uses sensors at tollbooths to track transponders and calculate the toll due. At the end of the month, the business sends the driver a bill. Concerned about privacy, the company, while it sells records of transponder numbers, locations, and times so that others can analyze traffic congestion, never associates transponder numbers with customer names and never makes that information available.
A credit card issuer, however, could buy that information and then correlate charges appearing on a customer’s credit card with the cost of tolls incurred by the anonymous transponder number. By matching transponders with customers, the issuer can thus learn which customers are driving well over 15 000 miles per year and are good candidates for a low-interest-rate car loan. Here the correlation has completely bypassed the safeguards that the toll collection company thought it had in place.
And what will a service provider be obligated to do if a government agency demands data about someone’s past purchases or travels? In the San Francisco Bay Area, the issue received national attention last year when the regional transportation agency proposed placing transponders in cars to provide data for a traffic management study. Opponents wanted to know what use would be made of data that indicated that a driver was speeding or driving in some way that might be construed as suspicious. A privacy plan to prevent this was quickly developed.
In some cases, the government has legislated the use of location technology in ways that could be construed as a violation of privacy. The Transportation Recall Enhancement, Accountability, and Documentation (TREAD) Act, enacted in November 2000, makes real-time tire-pressure monitoring compulsory on all cars produced in the United States, with some implementations required as early as this year. TREAD requires a tire-labeling system and associated record keeping that will identify individual tires. Tire companies such as Compagnie Générale des Établissements Michelin (Clermont-Ferrand, France) are already experimenting with embedding small RF transmitters with unique tire identification codes. These sensors can be read with a small handheld or curbside device. It’s not much of a stretch to imagine the installation of monitoring systems in parking lots, ramps, and tollbooths to track the location of vehicles.
Generally, in the debate over the use of location technologies, several fundamental questions are being asked. For instance, what is being collected? An E911 system obviously must collect location information, but will that system also collect location information when you are using your phone for other calls?
Then, too, if you choose to use a commercial location service, is that service collecting your personal ID code or merely generic data that an unnamed person was at a specific location at a particular time? What information will officials keep, and how long will they keep it? Can they sell it to other companies? If so, what rights will you have to check information? What rights will you have to challenge the data gathered about you? Issues like these transcend location technology, challenging the meaning of privacy in our increasingly digital world.
In the United States, the FCC is not hurrying to address location-related privacy concerns. In July 2002 it rejected a petition from the wireless industry’s Cellular Telecommunications & Internet Association (Washington, D.C.) calling for rules to govern the collection and use of location data generated by wireless communications systems.
The FCC’s stated belief is that mandated and public safety services such as E911 will provide benefits exceeding the privacy concerns. It expects many services to be offered with an ”opt out” clause allowing individuals to block knowledge of their location either permanently or temporarily. To a certain extent, this is happening with E911, as wireless carriers have discovered that continuous tracking of every user’s phone would be too costly. Phones now will block transmission of location information except in the case of an emergency call.
The challenge for carriers will be to offer compelling commercial services with a believable guarantee of privacy and safety. Such services stand a better chance of becoming a ”necessary convenience” that is part of day-to-day life.
The challenge for the rest of us will be to ensure that legislation and standards are put in place, making it possible to collect, store, manipulate, distribute, and maintain location information responsibly and preparing us to deal with the nuances and implications of the technology. Few people want Big Brother watching them—whether it’s an unregulated wiretap, their favorite store bombarding them in the mall, or non-stop, personalized advertisements on their phone. The issue is not one of technology; it’s a question of social maturity.
To Probe Further
The latest on E911 from the U.S. government’s perspective is found at the Federal Communications Commission’s Web site at http://www.fcc.gov/911/enhanced/.
A list of examples of how radio frequency identification (RF-ID) tags can be used for tracking everything from livestock to beer kegs—along with more mainstream applications, such as tagging airline baggage and hotel room keys—is available at http://www.rf-id.com/apps.htm.