Boffins propose Pretty Good Phone Privacy to end pretty invasive location data harvesting by telcos • The Register

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

Computer science boffins have devised a way to prevent the location of mobile phone users from being snarfed and sold to marketers, though the technique won’t affect targeted nation-state surveillance.

“We solve something that had previously been thought impossible – achieving location privacy in mobile networks,” said Paul Schmitt, an associate research scholar at the Center for Information Technology Policy (CITP) at Princeton University, told The Register.

In “Pretty Good Phone Privacy,” [PDF] a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn’t betray the location of mobile network customers.

“It’s always been thought that since cell towers need to talk to phones then all users have to accept the status quo in which mobile operators track our every movement and sell the data to data brokers (as has been extensively reported),” said Schmitt. “We show how it’s possible to protect users’ mobile privacy while at the same time providing normal connectivity, and to do so without changing any of the hardware in mobile networks.”

In recent years, mobile carriers have been routinely selling and leaking location data, to the detriment of customer privacy. Efforts to alter the status quo have been hampered by an uneven regulatory landscape, the resistance of data brokers that profit from the status quo, and the assumption that cellular network architecture requires knowing where customers are located.

But thanks to evolving networking technology, which has shifted many core cellular functions from hardware to software, it’s now possible to redesign mobile networks to limit the availability of location data.