Mobile operators know where we are at all times. They need to know our location precisely in order to redirect calls to us and provide us with their services. The point is that some operators sell the data thus collected – it is supposed to be duly anonymized – to data brokers , companies that are dedicated to crossing databases to make profiles of the population and to be able to better segment advertising.
There is nothing that the user can do to avoid being located. Deactivating the GPS, for example, is useless: the operators trace our position using other methods. If I didn't, the system wouldn't work.
But what if that wasn't exactly the case? What if it was not essential for operators to know our location for the mobile architecture to operate correctly? That's what two American scientists propose: Paul Schmitt, from Princeton University, and Barath Raghavan, from the University of Southern California (USC). The system they have devised consists of the operators assigning each terminal an abstract value not related to the telephone number or the name of its owner. The identification would be carried out with a system of tokens (or virtual tokens) that would require an external service to support the operation.
“From an academic point of view, the idea may be interesting because it proposes solutions to the fact that the operators cannot continue ”, says Víctor Gayoso, member of the ITEFI (CSIC) Cryptography and Information Security research group,“ but it has so many limitations and it would require changing the current model of use of mobile telephony so much that it does not seem practical ”.
Regardless of the technical complications, the value of the work by Schmitt and Raghavan –which is being reviewed for publication– is that it questions the immutability of the system. So believes the philosopher Carissa Véliz, author of Privacy is Power (Bantam Press, 2020). “The model shows that privacy transfers are being seen as unavoidable. The maxim that for everything to work there has to be a great collection of data, that if you want technology you have to give personal information, we no longer believe it ”, he reflects.
operators locate us Mobile operators know everything moment to which base station – the antenna that radiates in a coverage area – we are connected. With power measurements, they can determine the distance between each terminal and the antenna. It also turns out that the coverage areas are usually sectorized: several antennas are placed per area, in a way that improves the service and also the precision with which each terminal can be located. The objective is to be able to locate with a margin of error of one meter, which would allow us to know up to which floor of a building the user is located.
The deployment of 5G will further increase the precision of the location of mobile phones. “With 5G, we will only connect to one tower at a time, and these will be everywhere, so the antennas will have a much shorter distance range and our mobile operator will be able to determine our location and trace the path we take with much more precision ”, explains Manuela Battaglini, an expert lawyer in data ethics and CEO of Transparent Internet.
“ The architecture of mobile telephony is nourished by a bygone era in which privacy measures were lower, providers were highly regulated and centralized, there were few mobile users and the data broker ecosystems were underdeveloped ”, point out Schmitt and Raghavan in their article. “In recent years it has been extensively documented that operators have been routinely selling data on the location and metadata of the calls of hundreds of millions of users. As a result, in many countries any mobile user can be physically located by anyone for a few dollars. ”
One solution or more problems?
Arturo Azcorra, professor at the Carlos III University of Madrid and director of IMDEA Networks, agrees that the proposal is difficult to put into practice. “It is an interesting idea, which could be implemented at any given time, if there was enough social pressure on the operators. I see it complicated. It would make the system a little more expensive and complex, increasing the operating cost somewhat ”, he emphasizes.
"We think the cost overrun would be negligible, as the changes would apply entirely to the software," argue Schmitt and Raghavan by email. “In fact we were able to prototype the model with minor modifications on an open source mobile phone. We believe that it could be easily implemented by the majority of operators ”, settle. PP Gayoso, from the CSIC, still does not see it operational. “Any mobile operator has a lot of personal data. But the fact that they sell location data to other companies, which remains to be seen, is solved with legislation. It can be established that the only case is when a judge asks you to do so. Changing the technical architecture when it is easier to do it in another way is to kill flies with gunshots. ”
The important thing, Véliz insists, is that the scientific community is working on solutions to minimize the violation of our privacy. For example, with TOR-like layered encryption systems . “Ultimately it is about complicating the data flows so it is not obvious who does what. If your operator really wants to identify you, they can. The thing is that it is not automatic, that it costs you work. That it cannot be done automatically. ”.
You can follow EL PAÍS TECNOLOGÍA RETINA at Facebook , Twitter , Instagram or subscribe here to our Newsletter .