Latitude is based on a reciprocal opt-in system. After this has been executed, location data is made available on a time-to-time or continuous basis. According to the group, which monitors surveillance and privacy invasions by governments and corporations, this arrangement might seem an adequate protection. However this safeguard is largely useless if Latitude could be enabled by a second party without a user’s knowledge or consent.
“Many people will see Latitude as a cool product, but the reality is that Google has yet again failed to deliver strong privacy and security. The company has a long way to go before it can capture the trust of phone users,” according to the Director of Privacy International, Simon Davies. “As it stands right now, Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends. The dangers to a user’s privacy and security are as limitless as the imagination of those who would abuse this technology.”
The danger arises when a second party can gain physical access to a user’s phone and enables Latitude without the owner’s knowledge. PI said it was unaware of a way this could be achieved remotely.
Google, in a statement, said that is already has a safety feature working on certain mobile devices that actively alerts users that Latitude is running.
“We are in the process of extending this notification to other mobile platforms supporting Google Latitude, which will be ready in the very near future,” the company said.
Privacy International created five scenarios that could create threats:
– An employer provides staff with Latitude-enabled phones on which a reciprocal sharing agreement has been enabled, but does not inform staff of this action or that their movements will be tracked.
– A parent gifts a mobile phone to a child without disclosing that the phone has been Latitude-enabled.
– A partner, friend or other person gains access to an unattended phone (left on a bar on in the house) and enables Latitude without the other person’s knowledge.
– A Latitude-enabled phone is given as a gift.
– A phone left unattended, for example with security personnel or a repair shop, is covertly enabled.
– Once the phone has been enabled, the second party will be able to mask his phone’s presence, thus ensuring that the victim is unaware that her phone is being tracked.
— Express your opinion, comment below.