March 28, 2008

Spy Phones and Enterprise Architecture

Enterprise architecture is running into many situations these days with new and exciting technologies that raise the hairs on the back of your neck in terms of privacy and security concerns.

One such technology is phones that provide GPS tracking on YOUR location to others and vice versa.

The Wall Street Journal, 28 March 2008, reports “would you want other people to know, all day long, exactly where you are, right down to the street corner or restaurant? Unsettling as that may sound to some, wireless carriers are betting that many of their customers do, and they’re rolling out services to make it possible.”

One example, “Sprint Nextel Corp. has signed up hundreds of thousands of customers for a feature that shows them where their friends are with colored marks on a map viewable of their cellphone screens.

Making this people-tracking possible is that cellphones today come embedded with Global Positioning System technology.” GPS was developed by DoD using a network of earth satellites that “determine an object’s [or person’s] location based on how long it takes for a signal to reach the object from satellites.”

GPS enables not only mapping features like driving instructions, but also “tracking of cellphone users’ whereabouts in real time.”

The drawback with this high potential technology is that the location-tracking may be “abused by stalkers, sexual predators, advertisers, or prosecutors.”

Sam Altman, the CEO of Loopt (the location tracking service that Sprint Nextel and Verizon Wireless will be using) states: “it’s one of those things, the more you think about it, the more ways you can figure out a creep could abuse it.”

A related issue is “under what circumstances carriers or service providers like Loopt will have to turn over realtime location information in criminal proceedings.” Will this require a simple subpoena or a more stringent order based on probable cause?

Sprint is concerned enough about the security and privacy issues that it requires customers sign a disclaimer that states that “Sprint is not responsible for the Loopt service” and customers disclose their location “at your own risk.” Similarly, Loopt has “several pages of disclaimers and privacy notices.”

“The Federal Communications Commission back in 2002 considered issuing regulations for commercial location services, but decided it was too early to delve into the issue. The agency says it hasn’t any plans to restart those proceedings.”

While vendors are building in a number of protections, such as limiting the users who can view your whereabouts or features that allow users to give false locations, there continue to be concerns about potential for misuse and abuse.

The result is that with promising technologies such as location-tracking and the counterbalancing issues of security and privacy, enterprise architects will continue to be challenged on recommending these as part of an organization’s target architecture and transition plan.


No comments: