Microsoft has joined the ranks of Apple and Google in attaining the dubious honor of being sued by its users over its location tracking practices. A lawsuit filed in a Seattle district court alleges that Microsoft's Windows Phone 7 tracks a user's location even when the phone's location services are supposedly turned off.
By this time, smartphone makers should be getting the message that users don't appreciate being tracked without their knowledge or consent. Location data ranks among the most personal types of information our devices can reveal about us, with the potential to expose where we work, where live, where we drop our kids off for school. As users, we have a right to protect that data from interlopers, including the companies that supply our mobile devices and services. Here are five basic rights that all users should demand from manufacturers and carriers that offer location-aware devices.
1. Everything Must Be Opt-In
The decision about whether to let a device track its user's movements belongs to one party only: the user. It's unconscionable that any smartphone should come with geolocation features enabled by default, regardless of the reason. If a user wants to let his phone track his movements, either in fine detail or in rough outline, the device should present him with the option to consciously enable the feature. By no means should a manufacturer assume a paternal right to track any aspect of a user's movements in the name of improved wireless service or any other motive, unless the user first opts in. As it happens, it was Google's opt-in policy that saved it from a recent lawsuit in South Korea.
2. Off Means Off
This should go without saying, but the current lawsuit against Microsoft suggests it needs to be stated clearly: When we turn off (or opt not to turn on) location services, that should mean the phone isn't tracking us at all, not "just track our movements in the aggregate." Users who choose not to enable location services on their phones should not have to worry about the phone continuing to compile data on their movements without their knowledge.
It's bad enough that cellphones have always allowed carriers to determine a device's position based on a triangulation of its signal, but that fact is simply an artifact of the way cellular communication works. There's no good reason why a user should be forced to accept being tracked by their handset's operating system as well.
[See our related story on a laptop tracking software lawsuit that's asking new questions about how far tracking technology can reach into your life.]
3. Clear, Comprehensible Labeling
When a user does opt-in to location services, it should be clear exactly what he or she is agreeing to. Most smartphones offer very poor labeling within location services menus, such that users aren't really sure to what degree their movements might be tracked. Google is beginning to offer increasingly lengthy explanations of what its location settings do, but Apple and Microsoft communicate considerably less detailed information. All three platforms need to do a better job of telling users exactly how their location data will be used by the device and by installed apps.
4. Granular Controls
Users have a right to determine which apps on the device, including the device software itself, can track their movements. All smartphones should include options to enable or disable location services for not only the individual apps, but also for the device itself. It's perfectly reasonable for a user to want to use Facebook Places, for instance, without necessarily wanting to let Apple and Google know where they've been.
5. Location Data Must Be Encrypted
Even when users do opt-in to location services, they have a right to expect that the data collected won't sit on their phones in an unencrypted state that might expose their movements in the event that they lose the device. A thief should never be able to discover where you live or work simply by opening up a file on your phone's hard drive. All of the major smartphone platforms get a big, fat F when it comes to protecting their users' location privacy with strong encryption, and they simply must do better.
In the new, all-digital issue of Network Computing: Microsoft and Citrix are closing the gap with VMware. Before you roll out the latest edition of vSphere, reconsider your virtualization platform. Download the issue now. (Free registration required.)