The proliferation of location-based devices raises new concerns about privacy and security
This sidebar accompanies Cyber-Location Nexus, the 2013 Issue 2 cover story by Kristin Quinn.
Keith Filzen, an independent security consultant for the federal government and industry, specializes in location obfuscation. In other words, he helps federal employees and defense contractors mask the geo-location features enabled by a range of mobile devices, such as smartphones or the OnStar system in many vehicles.
It’s relatively simple to tie the profile of a person or entity with a virtual location in the form of an IP address and a physical location in the form of GPS coordinates, according to Abe Usher, CTO of HumanGeo. This is a fact government and industry is becoming more acutely aware of.
“Everything that’s fantastic about what’s going on commercially—turn 180 degrees and that’s basically the national security and intelligence perspective,” Filzen said. “That’s the direction they want to go away from. They don’t want you to know there’s an FBI agent filling up for gas on the corner of G St. and 1st with a government vehicle. Since he has his personal cell phone with him as well as a government phone, being able to tie those records together in cyberspace isn’t that difficult.”
Filzen said it’s naïve to think your geo-location is secure. He points out if the U.S. has access to this information about its adversaries, they can gain the same information about us. Conversely, if we can mask our true locations, they can as well.
“There’s a lot of work going on right now under the guise of privacy that will allow you to mask or obfuscate your location,” Filzen said. “This compounds things, because if we’re doing it then everybody else is doing it too, including our adversaries.”
It’s important to find balance in today’s highly connected, location-enabled world, Filzen said. Obfuscation allows him to fit in and embrace mobile technology, while still controlling his digital footprint.
Location-based features of social media accessed via mobile devices are also playing a greater role in security, according to David Tohn, executive director of the Cyber Technology Innovation Center for CyberPoint. Whenever CyberPoint gains a new client, the first step toward evaluating the customer’s security is attempting to breach its network. Tohn shared an anecdote that clearly depicts the intersection private and professional lives can take in the form of social media.
In one case, CyberPoint drew a network of a company’s employees using social media sites such as Facebook, LinkedIn, and Instagram. By looking at photos and other geo-tagged social media posts, CyberPoint was able to pinpoint individuals who were having an affair. The company then posed as human resources and sent an email to the individuals that included an attachment. The startled employees immediately opened the file, and boom, CyberPoint had infiltrated the network.
“Imagine the potential if this were done to government employees,” Tohn warned.
This is a concern that will only grow.
“Location has never been as important in computing as it is today, largely because of the proliferation of location-enabled devices,” Usher said.
While location-based services today exist primarily on smartphones, experts say in only a few years the technology will infiltrate more consumer devices, such as entertainment centers and kitchen appliances.
“The interaction between the cyber and the physical world is inherent,” Tohn said. “It’s not an either/or. It just is.”