- Количество слайдов: 55
Every Step You Take: Geo-Location Security Issues
“Her father had taught her about a dog's paws. Whenever her father was alone with a dog in a house he would lean over and smell the skin at the base of its paw. This, he would say, as if coming away from a brandy snifter, is the greatest smell in the world! A bouquet! Great rumours of travel! It's a cathedral! her father had said, so -and-so's garden, that field of grasses, a walk through cyclamen--a concentration of hints of all the paths the animal had taken during the day. ” Michael Ondaatje, The English Patient
• Where you go • Where you went • What you do • What you did • Where you will go • What you will do Geo-Shadow
How Satellite tracking Web browsers Mobile phones GPS devices RFID tags Credit / debit card transactions Geo tags photos / postings Proximity readers
Browser-Based The geo-location API is default in the following desktop browsers: • • • Firefox 3. 5+ Chrome 5. 0+ Safari 5. 0+ Opera 10. 60+ Internet Explorer 9. 0+ And for updates on earlier versions for all of the above
Application-Based And the W 3 C geo-location API on mobile devices: • • • Android 2. 0+ i. Phone 3. 0+ Opera Mobile 10. 1+ Symbian (S 60 3 rd & 5 th generation) Blackberry OS 6 Maemo
“Of the over 750, 000 applications currently available in the i. Tunes i. Store: over 90% record and transmit user geo-location data. ” Wired 2014
In Our Devices
In Our Friends
Geo-Location Data = Cash Increase Revenue Direct contextually relevant marketing to: Any one Any time Any where Reduce Costs Centralised task management of: Any employee Any time Any where
Keeping Track • • • Tracking customers Tracking employees Tracking competitors Tracking subjects Tracking…
Business Uses A US-based car rental company started using deployed GPS tracking devices to monitor driving speeds of its customers. If a customers car exceeded 79 miles per hour for 2 continuous minutes, they were charged an additional $150 (without their consent).
Example A French Insurance company used both mobile phone and car GPS data to track sales executive locations and cross reference to their expense accounts. Policy resulted in 21 employee dismissals and the identification of over. 5 million euro in false claims.
Example Last year, a large New York-based charity used geo-location data from Grindr to identify homosexuals working in their offices. 4 employees were fired for “inappropriate behavior. ”
A Entire Industry Now Based
Big Bang • Location based marketing industry has consistently increased 10 -fold over the last 3 years • Facebook: “Friends” geo-location app launch • Bing, Yahoo & Google “geo-location searches” • Disney: “My. Magic” wearable geo location tech • Master. Card: Geo-location authentication • Best Western Hotel: “Geo-fencing” strategy • Koo. Zoo: Live “geo-video” feed
Bringing It Home
Can Vendor Own My Location?
Leadership? "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place, " Former Google CEO: Eric Schmidt
Problem • How the data exposes the users is not the problem. • How the vendors expose the users without their knowledge is the problem. • Opt out is the default - not opt in - and even then… • Social media model = get everyone to share everything means our personal information (whereabouts) becomes their product • Convenience traded for privacy sold for cash • With only a “buyer beware” market approach
What Separates… Tracking a customer Tracking a victim
Non-Commercial Data Value • • Stalking Rape Kidnapping Assault Bullying Robbery Burglary And bad stuff
The Future: Boggles The Mind
And I’ve Even Heard… Geo-location data taken from more than 7 billion devices across the planet every day.
How Big Is This Party? Tracking customers Tracking victims Tracking citizens
Easy to Obtain
Down Load It
Caution: Geo-Malware Ahead
“Over 95% of all geo-location data stored in cloud platforms” Wired 2014
Stop. Think. • • • Where you go Where you went What you do What you did Where you will go What you will do
Data Classification + = SPII
Regulatory Challenges Geo-location data falls under special category of data subject to EU Privacy Directive. To comply you must: – Not store data outside of EU – Obtain prior consent from subject - or: – Process the data anonymously
Our Industry Location?
We Don’t Understand • • • • This data is sensitive personal identifiable information Data presents vast commercial opportunities to decreases costs & increase revenue Sought by businesses Sought by criminals Sought by governments User devices easy to hack and obtain location information Processed in cloud platforms without security frameworks Industry approach = buyer beware Default: opt in versus opt out Presents real and immediate privacy and safety concerns Revenue trumps privacy Revenue trumps security This is personal
Did I Mention ? =
Today there are 75 attendees at this conference 78 SSIDs are broadcasting geolocation data.
What’s Your Next Step?
A Different Perspective From 26 dover Street London United Kingdom W 1 S 4 LY +44 (0)20 3586 1025 www. riskfactory. com