On Wed, April 9, 2008 2:39 pm, Sebastian Billaudelle wrote:
> Yes, I think a "normal" hijacker has no skills to flash the image -
> it is unusual with normal phones. I think nearly all of them don't
> know about a function like the one we are discussing here. But I
> think there is another problem: I don't know if it is legal to track the
> position of a person without his/her permission - even if he/she has
> stolen my phone... Will the cops be allowed to use this information?
> There are lots of crazy laws... Is a lawyer here on this list?

I am not a lawyer, this is my amateur analysis:

As I see it, there are three issues to contend with:

1. Is it legal or ethical for openmoko to keep a database of where users are and have been without their explicit consent?
2. In what circumstances should law enforcement be granted access to the database of where users are?
3. In what circumstances should the owner of a phone be able to tell where it is?

The first issue is about big scary companies keeping Big Brother-like databases on all their users. We all tend to think of openmoko as a friendly community effort with no ill intent, but pretend for a moment that the phone comes from someone big and scary like Microsoft or Verizon. Would you be happy about them tracking you by default?

Over the years some tech publications like www.theregister.co.uk have published scandals and trade conspiracies to reduce consumer choice, invade privacy and create vendor lock-in. I dare say they would have bad things to say about this plan unless strong safeguards are built in, and we find a way to make this off by default (but still trap anyone who re-flashes the phone).

My solution to the privacy problem is this: In the box with a new phone is a card explaining how to create an account with the location DB. The user would normally set up an account with that DB. If they are paranoid about privacy, they can throw away the card without doing anything.

In normal operation, the phone contacts the location DB from time to time with its serial number and current position; however, if the phone's owner has not registered, the DB informs the phone that it is not registered. The phone will store that setting in non-volatile memory, and will never contact the location DB again. That way, for users who are concerned about their privacy, or who just don't read the instructions, only one location will ever be released.

If the user later changes their mind, the DB registration site will have instructions on how to manually flip the send locations parameter back to true, via a deeply hidden menu or config file. If someone re-flashes the phone, then the parameter will be automatically reset. If it is stolen, the rightful owner would have to quickly register with the DB before the phone is re-flashed.

The second issue is about law enforcement access to the database. If a bad guy such as a drug dealer is using an openmoko equipped phone, then the police might legitimately want access to the database to find out where they have been. Likewise, if there has been a serious crime such as a murder, then the police would want to know who was at the crime scene during the crime. I think that most community members would agree that a request for information in these circumstances should be granted.

On the other hand, many people are concerned about warrantless wiretaps in the United States at the moment, and worry that the police might make big dragnet-like requests to invade privacy. For example, issuing speeding tickets automatically if the DB showed that you were moving faster than the posted limit.

In some circumstances the owner of the phone might want access to the database to prove their innocence, for example to establish an alibi, or to prove that they were not speeding.

I would suggest that a good compromise would be for the DB admin to give out to the police information about the movements of any specific user, or all users who were in a specified area for a specified period of time, if the request is made by the registered owner or a suitably senior police officer or judge.

There is a problem that some law enforcement agencies might try to bypass any privacy rules we set up, and try to get a court order for the entire database. To prevent this we should set up the database in a country with strong privacy laws, and a strong tradition of police who obey the rule of law. We need to make sure that the DB admins are based in that country, and that no one else has root access to the DB, especially anyone based in a country with weak privacy laws or oppressive law enforcement. I think Germany might be a good choice for that.

The third issue is about the owner of the phone tracking the person who is currently in possession of it. In this discussion people are talking about having their phone stolen, looking up its location, and then forwarding that location to the police. Or perhaps losing their phone, and using the database to find out where they left it.

However, we also need to consider the privacy implications of employers tracking their staff, spouses tracking each other if they suspect infidelity, and parents tracking their children, or elderly relatives. An openmoko owner could easily turn on tracking, and then give the phone to someone they wish to track without telling them that they will be tracked. This would be illegal in a lot of places.

Obviously there is nothing to stop someone writing their own program to do that, but I think openmoko should be careful to ensure that the out of the box tracking software is legal and has appropriate safeguards. Unfortunately, I don't think that there is one global solution to this, as individual privacy laws vary a lot from country to country.

Perhaps the best solution is to gather the data (if the user registers), but only to allow the owner access to it if the phone is in a country where such tracking is allowed. Even if tracking is not allowed we would still allow police access in case of theft.

To avoid tracking people without their knowledge, there should be a pop-up at random intervals (every few days), reminding users that they are being tracked. That way it would be hard for someone to covertly track another person. The pop-up could be disabled if a stolen flag is set in the central DB (via a request from the police).

That is my view.

--
David Pottage

Error compiling committee.c To many arguments to function.

_______________________________________________
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community
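
The registration check described in the message above, as an added example that is not part of the original post and is not Openmoko code: a small simulation of the phone-side "send locations" flag and the location DB. All class, method and serial names are hypothetical, and the coordinates are constructed sample values.

```python
# Added illustration: simulates the opt-in check-in scheme described in the
# message. All names are hypothetical; nothing here is Openmoko code.

class LocationDB:
    """Server side: stores positions only for registered serial numbers."""
    def __init__(self):
        self.registered = set()
        self.history = {}   # serial -> positions the DB keeps
        self.seen = []      # every (serial, position) that reached the server

    def register(self, serial):
        self.registered.add(serial)

    def check_in(self, serial, position):
        self.seen.append((serial, position))
        if serial not in self.registered:
            return False    # "not registered" reply; position is not stored
        self.history.setdefault(serial, []).append(position)
        return True


class Phone:
    """Client side: one flag in non-volatile memory gates all reporting."""
    def __init__(self, serial, db):
        self.serial, self.db = serial, db
        self.send_locations = True       # factory / freshly flashed default

    def report(self, position):
        if not self.send_locations:
            return False                 # never contacts the DB again
        if not self.db.check_in(self.serial, position):
            self.send_locations = False  # persist the "not registered" reply
        return True                      # a position left the phone

    def reflash(self):
        self.send_locations = True       # re-flashing resets the parameter


def simulate_theft(register_before_reflash):
    """Unregistered phone is stolen; returns (stored history, DB contacts)."""
    db = LocationDB()
    phone = Phone("SN-CONSTRUCTED-0001", db)  # constructed serial number
    phone.report((52.52, 13.40))     # first contact: told "not registered"
    phone.report((52.53, 13.41))     # suppressed by the stored flag
    if register_before_reflash:
        db.register(phone.serial)    # owner registers after the theft
    phone.reflash()                  # new image installed on the phone
    phone.report((48.14, 11.58))
    return db.history.get(phone.serial, []), len(db.seen)
```

In this model the DB receives a second position after the re-flash even when nobody ever registers, so "only one location" holds per flashed image rather than per device, and what the DB does with positions from unregistered serials is the property to audit.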