Location Privacy in Pervasive Computing

M any countries recognize privacy as a right and have attempted to codify it in law. The first known piece of privacy legislation was England's 1361 Justices of the Peace Act, which legislated for the arrest of eaves-droppers and stalkers. The Fourth Amendment to the US Constitution proclaims citizens' right to privacy , and in 1890 US Supreme Court Justice Louis Brandeis stated that " the right to be left alone " is one of the fundamental rights of a democracy. 1 The 1948 Universal Declaration of Human Rights 2 declares that everyone has a right to privacy at home, with family, and in correspondence. Other pieces of more recent legislation follow this principle. Although many people clearly consider their privacy a fundamental right, comparatively few can give a precise definition of the term. The Global Internet Liberty Campaign 3 has produced an extensive report that discusses personal privacy at length and identifies four broad categories: information privacy, bodily privacy, privacy of communications, and territorial privacy. This article concentrates on location privacy, a particular type of information privacy that we define as the ability to prevent other parties from learning one's current or past location. Until recently, the very concept of location privacy was unknown: people did not usually have access to reliable and timely information about the exact location of others, and therefore most people could see no privacy implications in revealing their location, except in special circumstances. With pervasive computing, though, the scale of the problem changes completely. You probably do not care if someone finds out where you were yesterday at 4:30 p.m., but if this someone could inspect the history of all your past movements, recorded every second with submeter accuracy, you might start to see things differently. A change of scale of several orders of magnitude is often qualitative as well as quantitative—a recurring problem in pervasive computing. 4 We shall focus on the privacy aspects of using location information in pervasive computing applications. When location systems track users automatically on an ongoing basis, they generate an enormous amount of potentially sensitive information. Privacy of location information is about controlling access to this information. We do not necessarily want to stop all access—because some applications can use this information to provide useful services—but we want to be in control. Some goals are clearly mutually exclusive and cannot be simultaneously satisfied: for example, wanting to keep …