Intel drafts privacy license for mobile device software
Consumer-friendly policy requires good behavior from developers
IDG News Service - Intel Corp. has attached a privacy license to its new location-aware software product, intended to protect cell phone users’ personal information as mobile devices increasingly rely on tracking technology to provide targeted services.
Installed on a smart phone or ultramobile PC, location-aware software can use GPS (Global Positioning System) technology to produce tailored information like driving directions, nearby restaurants and movie schedules. The downside of that feature is that handsets can double as tracking devices if location data is not kept private. The abuse of such access could range from civil liberties violations to physical threats in the cases of vulnerable people like battered spouses, Intel fears.
So, Intel has added a privacy addendum to the Eclipse Public License it uses for the software application called Privacy Observant Location System (POLS), according to a posting on Intel's Web site by John Miller, the privacy and security policy manager of Intel's corporate technology group.
The addendum says that vendors must inform the end user what information is recorded and how long it is stored, and it requires developers to include opt-out capability so users can change those settings, Miller said.
POLS is a tool for mobile application developers that determines its location by triangulating between nearby radio beacons such as GSM (Global System for Mobile Communications) cells or Wi-Fi access points. Location-aware devices use various approaches, relying on the wireless provider to track every device, or on GPS chips, which can have poor reception in dense cities.
POLS supports eight models of Windows Mobile-based phones made by HTC (High Tech Computer Corp.) and Motorola Inc., branded by carriers including Audiovox Corp., Cingular Wireless, Orange PLC and T-Mobile USA Inc.
While Intel's ethics concerns are compelling, the market may be slow to react to this initiative because so few customers actually use location-based technology, analysts say.
Only 10% of the PDAs sold today are equipped with internal GPS antennas, and most of those are in Europe, where the more complex roads and diversity of languages have made street mapping a larger market, said Todd Kort, principal analyst for Gartner Dataquest.
In contrast, nearly 90% of CDMA (code division multiple access) phones from Sprint Nextel Corp. and Verizon Communications Inc. offer assisted-GPS technology, which relies on Intel's type of cell tower navigation technique. But most users don't know it exists or have chosen not to use it, he said.
"It's great that it's there, and someday we'll appreciate it, but it is something that's in the back of Americans' minds and will not be a driving force for sales," Kort said.
In the meantime, Intel faces a continuing challenge as it must convince developers to abide by its privacy initiative. The new addendum is useless if software developers don't obey it, so the company has begun a campaign to build support in the open-source community. Intel has asked members of the Open Source Initiative to refine and adopt the policy as an acceptable amendment to the OSI's standard open-source license, and made available to the open-source community at large.
"We believe that a bottoms-up effort to encourage the development of privacy-sensitive social norms is necessary, and in fact critical, for both privacy and public adoption of the technology," Miller said. "We post this information here with the hope that others will see value in this approach."
Intel drafted the policy after discussions with the Value Sensitive Design Research Lab at the University of Washington, with other academics at the University of California, Berkeley, and Johns Hopkins University, and with private-sector lawyers.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.