Carnegie Mellon's Lorrie Cranor to address Congressional subcommittees

PITTSBURGH—Carnegie Mellon University's Lorrie F. Cranor will discuss the risk and benefits of online services that collect and use location information to joint meetings of the U.S. Congressional Subcommittee on Commerce, Trade and Consumer Protection and the Subcommittee on Communication and Technology at 10 a.m., Wednesday, Feb. 24 in room 2141 of the Rayburn Office building in Washington, D.C.

Increasingly popular location-based services allow Internet users to share their location with friends, track employees or children, or receive information based on current geographic location. GPS and other technology built into cell phones and laptop computers allows people to be located automatically, often to within a few hundred feet. However, there is growing concern about the invasive nature of this technology, according to Cranor, an associate professor of computer science and engineering and public policy at Carnegie Mellon.

"Due to the way cellular technology works, for example, the widespread use of cell phones enables round-the-clock surveillance of citizens. It is important that the storage of individual location data be minimized and protections be put in place to limit when it can be disclosed to the government," said Cranor, who has conducted several studies about privacy issues and location-sharing technologies.

Another cause for concern is the lack of accessibility to privacy controls on a variety of location-sharing applications. During a recent evaluation of 84 location-sharing applications, Cranor's team found that "the majority of those privacy controls are not easily accessible from the main page or home page of the application itself."

"Only 18 of the 84 services we reviewed this month mentioned privacy controls or security on the front page of their Web site," Cranor said. "In most cases, it is almost impossible to find out what a service is going to do with your location information without signing up for the service and trying it out."

In addition, Cranor's team found many location-based services had no privacy policies posted on their Web sites, and those that did post policies often made no mention of location information.

Source: Carnegie Mellon University