Failcon Privacy Panel topic: why are location services ignoring these guys?

Stanford's privacy guys

Today I’ll be on a panel at Failcon about privacy. More on that in a second, but last week I visited the Gates Building at Stanford University. You know, that’s the building where Google’s founders went to computer science classes and developed Google.

While there I met a student, Arvind Narayanan, and a professor, Dan Boneh (you see them in the photo here) who showed me that they’ve developed a way to let people tell other people where they are located, or, especially, if Dan is near me so we can go and have lunch together. So? Doesn’t Foursquare do that? Doesn’t Google Latitude do that? Yes. But the system that Boneh’s team has developed does so without letting the host server or other users know. Whoa. How does it do that?

Well, through some neat cryptographic tricks. On the whiteboard they simplified it for me. Let’s say we were using Loopt and that Dan wanted to let me know where he was. He checks in, and a crypto key that only I have would let me decrypt his location, so Loopt itself never gets to see where he is. It’s actually a lot more complex than that, and you can see how it works on the paper they drew up.
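As an added toy model (not the Stanford team’s protocol and not code from this post), here is the whiteboard idea reduced to the simplest thing that works: the host server holds only keyed tokens of coarse grid cells, so a friend who shares the key can tell whether Dan is nearby while Loopt learns nothing about either location. The grid size, the names and the shared key are assumptions; the real scheme is, as the post says, a lot more complex.

```python
import hashlib
import hmac
import math

CELL_KM = 1.0  # grid resolution in km; an assumption, not a value from the post

def grid_cell(lat, lon, cell_km=CELL_KM):
    """Snap a coordinate to an integer grid cell (roughly cell_km on a side)."""
    row = math.floor(lat * 111.0 / cell_km)  # ~111 km per degree of latitude
    col = math.floor(lon * 111.0 * math.cos(math.radians(lat)) / cell_km)
    return row, col

def cell_token(pair_key: bytes, cell) -> str:
    """Keyed hash of a cell; without pair_key the token reveals nothing about the cell."""
    row, col = cell
    return hmac.new(pair_key, f"{row}:{col}".encode(), hashlib.sha256).hexdigest()

class RelayServer:
    """The host (Loopt in the post): it stores only opaque tokens per friend pair,
    so it can neither read a user's location nor aggregate it with anyone else's."""

    def __init__(self):
        self.posts = {}  # (sender, recipient) -> token

    def check_in(self, sender, recipient, token):
        self.posts[(sender, recipient)] = token

    def fetch(self, sender, recipient):
        return self.posts.get((sender, recipient))

def publish_location(server, me, friend, pair_key, lat, lon):
    """Dan checks in: the server receives a token for Robert, never the coordinates."""
    server.check_in(me, friend, cell_token(pair_key, grid_cell(lat, lon)))

def friend_is_nearby(server, me, friend, pair_key, lat, lon):
    """Robert tests proximity locally by hashing his own cell and its 8 neighbours
    (so a cell border between the two does not hide a friend who is close by)."""
    token = server.fetch(friend, me)
    if token is None:
        return False
    row, col = grid_cell(lat, lon)
    for dr in (-1, 0, 1):
        for dc in (-1, 0, 1):
            if hmac.compare_digest(token, cell_token(pair_key, (row + dr, col + dc))):
                return True
    return False
```

Without the pair key, the stored token is useless to the server and to any other user, which is exactly the property the location services in the post would have to give up their aggregation for.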

But after explaining it all to me, they said none of the location-based services were interested in it.

Why not? Well, there’s huge commercial value in knowing where you’re located, and they just aren’t willing to build really private systems in which they themselves can’t get at the location info. Think about a Foursquare where only your friends would be able to see where you were, but where Foursquare couldn’t aggregate your location with other people’s, or couldn’t even know where you are itself. It wouldn’t be able to offer you deals near you when you check in, the way it does today.

The truth is that both companies and consumers aren’t demanding these kinds of features, so until they do this neat idea will remain code on Dan’s whiteboard.

I think it’s interesting to see that not every idea leaves that whiteboard at Stanford and becomes a commercial success like Google was. It did take me back to about 13 years ago, though, when Larry Page and Sergey Brin probably sat in that same office writing code on the whiteboard and explaining it to their professors. What a place to visit.

Anyway, I’ve been thinking a lot about privacy lately. Turns out that even though I’m a very public person and don’t personally use many privacy settings on, say, Facebook or other services (in fact, I usually turn them off) there ARE some reasons for the industry to focus on privacy. Why?

Well, privacy goes beyond just keeping the government out of our bedroom. Here are some ways I see privacy now:

1. Noise control. I love sharing my kid’s photos with you. But, I bet that you aren’t all that interested in them. So, can you tell the system “I like when that Scoble guy talks tech, but not when he talks kids?” Not really today. To me that’s privacy and yes, I know, most of you don’t see it as a privacy issue. It’s the control of what appears on your screen. Why should someone else be able to shove something onto your screen you don’t want?

2. Audience control. There are some things that we want to aim at only a certain audience. This is actually what most people think of when they think of privacy. Can they publish a photo and only have their close personal friends see it? Or, can they publish a photo and have only their dad see it? Over on Facebook, for instance, I have a group for my family and I can publish stuff into it. But am I sure that stuff I put there will only be seen by my family? Not really. They could copy the screen and publish it elsewhere. Mark Zuckerberg, for instance, last night, told us all where he was eating thanks to Facebook Places. Did he really want that to be reblogged and retweeted? I don’t know, because Facebook doesn’t have good enough audience control mechanisms.

3. Timing control. I love using Glympse to tell my friends where I am (you can even use it to let everyone know, or keep it just to some private small group or one person). On it you can set how long that information will be available. That’s timing control and has nothing to do with the other two pieces of privacy. I wish more systems had timing controls like this, especially location systems. Imagine if Foursquare only let you look at someone else’s location info for, say, two hours. That would keep you from going back and making a historical record, which could help house thieves figure out when you won’t be home.

4. Government control. This is what a lot of people think is privacy. Is your data being looked at by a governmental agency? Even public data. We’d love to know, but I think the cat is out of the bag on this one and we just have to assume they are looking at all of our data.

5. Service control. If I check in on one system, does it spray that info to other systems that I might not want to have it? That’s happening more and more frequently. For instance, just last week I learned that Zagat and Starbucks made deals with Foursquare. Did you know that? Do you know where your data is traveling and who it is being sold to? Did you know that if you tweet on Twitter, your Tweets can show up on Bing and Google? Most people don’t really know that, and being able to control it would be nice, but, again, that’s another cat out of the bag and I don’t see us getting that control back.

6. Commercial control. Which advertisers get to track us? See our data? Push ads in our face? Etc. These two guys at Stanford also developed a system that would give you control of that, but that’s even less likely to be picked up by industry so I didn’t even cover that here. Why? Momentum and prior art. At least in location business we’re all building our behaviors now, so we have a chance to change them. But their ideas involve new browsers and new technology to put us in control and that just won’t happen.

7. Bedroom control. This is the last bastion of privacy. Is there a reasonable expectation of privacy behind walls? Well, yes. But we are developing technologies that can see through fences, through bushes, and through walls. These technologies won’t be limited to governments soon either because of high cost or other barriers. If you can shine a laser through your windows, you can see and hear a lot more than most people might think. Add radar, which even my car has on it now, and privacy can fall. This is one area that humans will resist the most, but it’s still going to see attacks due to technology.

Out of all these areas, the one that personally interests me the most is noise control. Most people don’t see that as a privacy issue, but it’s the issue that concerns me the most.

What about you? What’s privacy to you? And do you see the industry ever caring enough to visit those two guys at Stanford and using their code?

I don’t, which is why their visits to various location players and other tech companies will continue to get ignored. Sorry guys.

10 thoughts on “Failcon Privacy Panel topic: why are location services ignoring these guys?”

  1. I like it when my Location info gets shared when I’m at any Place. But, who would like it when I’m sitting at a Bar for hours on end and my Dad looks into it….. I would like to share it to my friends and shout at them but do you think I would really love to shout that at my Dad!!!!!!

    I hate these loc based services just because of that.


  2. Ah privacy, this is discussed all over the internet and a lot of people are concerned about their privacy. I think privacy is in everyone’s control and not for the internet. Once you give out personal info over the internet, you lose your privacy.


  3. The unfortunate reality is that your existence is known. If you’re an average american citizen you have an SSID, Birth Cert, Driv Lic, Marriage Cert, Utilities in your name, Credit Card, Mortgage…and we’ve not even covered what you voluntarily put on the net. Look the truth is that if you want real privacy, like that of colonial days, you must relinquish your American Citizenship. Which doesn’t make you lose as much as you’d think. Citizens prior to the 13th amendment never called themselves US Citizens. It’s relatively new term. Prior to 1913 people called themselves sovereign citizens of the sovereign state of their origin.


  4. And as to why they’re ignoring them…that’s because of the 60’s from a social media perspective, free love and sharing so that all can participate in hedonism…it will reform, but not for a while. These guys will be in vogue in about 3 years…bet on it.


  5. Whoa! I’m involved in getting an HIE going (health information exchange) and the issue of privacy keeps coming up… and patients controlling (or not) access to their records. Stuart Graves has been talking about Patient-Controlled Encryption, where encrypted versions of electronic medical records are shared, and the patient has control over who actually gets to see them (their doctors, pharmacist, etc) — thus, instilling trust in the system and willingness to opt-in, because the system administrators could not even be tempted to snoop the records of VIPs (like Jobs, Gates, Scoble).

    With this tech described above, people wouldn’t be afraid to dump all of their records (HIPAA requires docs & hospitals to provide electronic copies of your records on request) into a big googleizer (eg, Google Health, MS HealthVault). This would give people the power to selectively give access (and block it) to people, orgs, apps, and robots. Until we solve the privacy issues, electronic health records will remain underutilized.
