Privacy and Location Data

I was just reading a post about a Google service and Slashdot’s reaction to how they track the location of users for various reasons. This got me thinking about how Centrify’s cloud service uses location data.

First, one of the advantages of a service such as ours, which manages mobile devices and provides application authentication and access control, is that it is possible to combine the two. For example, an administrator can say that this application is only allowed to be used on devices within 10 miles of a given location.

Centrify’s service tracks location in two ways. First, it uses IP-address-to-location mapping; most IP addresses can be traced back to a location. This can be very rough (although it can be surprisingly accurate). In particular, 3G devices are detected as having IP addresses belonging to the large switching centers where the 3G data is placed on the internet. For example, my AT&T phone has an IP address that maps to somewhere in Georgia (I am in WA). Second, we use the GPS services on the devices to get exact location.

We treat the IP level location data as non-private (in the sense that administrators can see it – we don’t share it out publicly). We treat the GPS data as private: we know it, we will show it to the user, but we won’t tell the admin. The IP data allows us to do things like this nice map:


Interestingly, some people have questioned the privacy implications of even this level of detail – you can drill this map down to individual logins, but still with very rough locations. Our feeling is that your IP address is not personal data and the DB that maps IP to location is public, so it’s not really an issue.

Of course, the GPS-based location is quite different – it’s extremely accurate (5 meters or less). This we treat as private and don’t allow an admin to see it. Here’s what the user sees:


The map on the right shows the location of his devices.

We allow a user to say ‘don’t capture this data’ if they are truly concerned about us keeping it safe – and of course the device will tell them that an app is trying to get their location (and they can refuse to give it permission).

However, there are clear cases where allowing the business to see device location is needed; for example, think of having dash-mounted tablets in delivery trucks. We don’t allow this at the moment but surely will at some point. There are bound to be grey areas. What we don’t want to do is act as the referee between the end users and the admins; it’s a tough challenge.

We already support the use of IP-based location for application policies (‘only allow this app to be used in the US’, for example) and will soon extend this to GPS-based location (or WiFi-based on desktops). Now, if a user refuses to allow their location to be read, they won’t be able to use an app. Another potential conflict.

It’s a tough balance – location brings a lot of useful capabilities (in the business and consumer worlds) but makes a lot of people feel they are being micro-managed.
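To make the policy rules above concrete, here is an added sketch (not Centrify's code) of a policy check that combines an IP-country rule with a GPS geofence, denies access when the user refuses to share location, and returns an admin-visible record that never contains the GPS fix. `AppPolicy`, `evaluate`, the record fields and the sample coordinates are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_MILES = 3958.8

@dataclass(frozen=True)
class AppPolicy:  # hypothetical policy shape, not a real product schema
    allowed_countries: Optional[frozenset] = None          # IP-based rule
    geofence_center: Optional[Tuple[float, float]] = None  # (lat, lon)
    geofence_radius_miles: float = 0.0

def haversine_miles(a, b):
    """Great-circle distance in miles between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

def evaluate(policy, ip_country, gps):
    """Return (allowed, admin_record). gps is None if the user refused access."""
    # The admin record carries only the coarse, non-private IP-level data
    # plus the decision; the GPS coordinates are used here and then dropped.
    record = {"ip_country": ip_country}
    if (policy.allowed_countries is not None
            and ip_country not in policy.allowed_countries):
        record.update(allowed=False, reason="country_not_allowed")
    elif policy.geofence_center is not None and gps is None:
        # Fail closed: no location permission means no access to the app.
        record.update(allowed=False, reason="location_unavailable")
    elif (policy.geofence_center is not None
          and haversine_miles(policy.geofence_center, gps)
              > policy.geofence_radius_miles):
        record.update(allowed=False, reason="outside_geofence")
    else:
        record.update(allowed=True, reason="ok")
    return record["allowed"], record

# Constructed sample data: a 10-mile fence around downtown Seattle.
POLICY = AppPolicy(frozenset({"US"}), (47.6062, -122.3321), 10.0)
NEARBY = (47.6101, -122.2015)   # about 6 miles from the center
FAR = (47.2529, -122.4443)      # about 25 miles from the center

if __name__ == "__main__":
    for fix in (NEARBY, FAR, None):
        print(evaluate(POLICY, "US", fix))
```

Even without coordinates, the allow/deny reason tells the admin whether the device was inside the fence, so the decision log itself deserves the same access controls as other location data.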

What do you think?