The real question here is, "Is it possible to turn the tracking on
without the user's control or notice?" This might include phones that
-always- know where they are, or phones that can be remotely commanded
to reveal this information. Either of these two alternatives are the
real threat, and it's important that work to defuse them focuses on
ensuring that manufacturers are very strongly discouraged from
building in such capabilities to phones (and that any backdoors
installed but not advertised are widely trumpeted by the media). [1]
http://www.snaptrack.com/pdf/ion.pdf is an interesting technical paper
along these lines. These guys are proposing a celphone GPS location
service that -requires assistance from the base stations- in computing
a fix. This assistance greatly decreased the computational load
required to do the computation, and increases the ability of the
receiver to lock on to the GPS signals; the result is a system that
can operate up to 25 dB below where convention GPS's can (hence, it
can work inside buildings), and can compute a fix extremely rapidly
(on the order of a second or so), -but- which requires sufficient help
from the infrastructure that you can be pretty sure it won't simply be
ubiquitously left on for all phones on the network (since the base
stations would collapse under the load). [2]
Given such a system, you still have to ensure that vendors don't
provide any way -besides- the user pushing the button on the phone for
the phone to start computing continuous or semi-continuous positions,
but at least you've decreased the risk that continuous position
readouts will be the network default. This at least means that
individuals must be specifically targetted by surveillance, rather
than allowing everyone's positions to retroactively determined at any
time in the future simply by doing a database search.
[1] Yes, position information can be computed crudely using the
existing cellular infrastructure, and can be quite handy for tracking
people surreptitiously given the the political power to influence the
cellular providers---something that is not unreasonable even in many
democracies and downright trivial in any highly-repressive government.
But ~5 meter fixes are something else again---you can use those to
build dossiers of who associates with whom, a terrifyingly powerful
technique for blackmail, intimidation, or simple prosecution (or
worse). Widespread knowledge that one might be "disappeared" simply
for being near someone who might be a troublemaker could squelch any
political movement very rapidly. And, of course, the lack of a good
deployed crypto infrastructure means that the targets -must- meet
physically, since they can't trust the security of electronic
communication. The one bright spot in this scenario, and the reason
for trying to hard to push phone network providers and phone builders
-not- to make it easy to track without users' permission, is that most
repressive governments simply aren't large enough to build their own
tracking infrastructure and must rely on equipment they can buy from
the less repressive governments. (China may be a notable exception.)
This means that it behooves the less repressive governments to -not-
try to make life easier for the more repressive ones. [This is one
reason that the US's CALEA is such a bad idea---we are building phone
switches with all the built-in tapping capabilities that any truly
repressive government could want, and we can't exactly export any laws
limiting its use when we export the switch!]
[2] The problem with SnapTrack, of course, is one of its very
features. Because it's so fast to compute a fix, the GPS portion of
the phone need not be on for more than a second or so (several seconds
from a cold start). This means that, -if such a phone were able to be
remotely queried-, it would be possible to set something up that could
provide, say, minute-by-minute location information and the user might
not even notice that the battery was running down unusually quickly.
Thus, targetting -particular- individuals would be stealthier than in
a system where the phone must leave its GPS receiver on all the time
(except in systems where -all- phones -always- leave their GPS
receivers on all the time).
