A Methodological Assessment of Location Privacy Risks in Wireless Hotspot Networks

  • Marco Gruteser
  • Dirk Grunwald
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2802)


Mobile computing enables users to compute and communicate almost regardless of their current location. However, as a side effect this technology considerably increased surveillance potential for user movements. Current research addresses location privacy rather patchwork-like than comprehensively. Thus, this paper presents a methodology for identifying, assessing, and comparing location privacy risks in mobile computing technologies. In a case study, we apply the approach to IEEE 802.11b wireless LAN networks and location-based services, where it reveals significant location privacy concerns through link- and application-layer information. From a technological perspective, we argue that these are best addressed through novel anonymity-based mechanisms.


Access Point Location Information Wireless Local Area Network Data Subject Location Privacy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Spreitzer, M., Theimer, M.: Providing location information in a ubiquitous computing environment. In: Proceedings of the 14th ACM SOSP, pp. 270–283 (1993)Google Scholar
  2. 2.
    Harter, A., Hopper, A., Steggles, P., Ward, A., Webster, P.: The anatomy of a context-aware application. Mobile Computing and Networking, 59–68 (1999)Google Scholar
  3. 3.
    Jose, R., Davies, N.: Scalable and flexible location-based services for ubiquitous information access. In: Gellersen, H.-W. (ed.) HUC 1999. LNCS, vol. 1707, pp. 52–66. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Bisdikian, C., Christensen, J., Davis II, J., Ebling, M., Hunt, G., Jerome, W., Lei, H., Maes, S.: Enabling location-based applications. In: 1st Workshop on Mobile commerce (2001)Google Scholar
  5. 5.
    Fox, D.: Der imsi-catcher (in german). Datenschutz and Datensicherheit 21(9) (September 1997)Google Scholar
  6. 6.
    Lemos, R.: (ZDNet News). Car spy pushes privacy limit (June 2001),
  7. 7.
    Lemos, R.: (ZDNet News). Car rental gps speeding fines illegal (July 2001),
  8. 8.
    Rahnema, M.: Overview of the gsm system and protocol architecture. IEEE Communications Magazine 31(4), 92–100 (1993)CrossRefGoogle Scholar
  9. 9.
    IEEE. IEEE standard 802.11b - wireless LAN medium access control (MAC) and physical layer (PHY) specications: High speed physical layer(PHY) in the 2.4 GHz band (1999)Google Scholar
  10. 10.
    Negroponte, N.: Being wireless. Wired Magazine (October 2002)Google Scholar
  11. 11.
    Getting, I.: The global positioning system. IEEE Spectrum 30(12), 36–47 (1993)CrossRefGoogle Scholar
  12. 12.
    Spooner, J.: (CNET News). Motorola: New chip will bring gps to all (September 2002),
  13. 13.
    Goyal, A. In talk given at NIST pervasive computing conference (2001)Google Scholar
  14. 14.
    Hightower, J., Borriello, G.: A survey and taxonomy of location sensing systems for ubiquitous computing. UW CSE 01-08-03, University of Washington (August 2001)Google Scholar
  15. 15.
    Reed, J., Krizman, K., Woerner, B., Rappaport, T.: An overview of the challenges and progress in meeting the e-911 requirement for location service. IEEE Personal Communications Magazine 5(3), 30–37 (1998)Google Scholar
  16. 16.
    Webraska Mobile Technologies. Webraska website,
  17. 17.
    Cheverst, K., Davies, N., Mitchell, K., Friday, A.: Experiences of developing and deploying a context-aware tourist guide: the guide project. In: Proceedings of MOBICOM, pp. 20–31. ACM Press, New York (2000)CrossRefGoogle Scholar
  18. 18.
    The Economist. The end of privacy, April 29 (1999)Google Scholar
  19. 19.
    The Economist. The coming backlash in privacy, December 9 (2000)Google Scholar
  20. 20.
    Froomkin, M.: The death of privacy? Stanford Law Review 52, 1461–1543 (2000)CrossRefGoogle Scholar
  21. 21.
    Hoffman, D.L., Novak, T.P., Peralta, M.: Building consumer trust online. Communications of the ACM 42(4), 80–85 (1999)CrossRefGoogle Scholar
  22. 22.
    Location privacy protection act of 2001. US Congress, Sponsor: Sen. John Edwards (DNC), Contact: Maureen Mahon, Legislative Assistant, Sen. Edwards / 202.224.3154 / fax 202.228.1374 (2001),
  23. 23.
    Karger, P.A., Frankel, Y.: Security and privacy threats to ITS. In: Proceedings of the Second World Congress on Intelligent Transport Systems, Yokohama, Japan, November 1995, vol. 5 (1995)Google Scholar
  24. 24.
    Agre, P.E.: Red rocks eater news service—notes and recommendations (December 1999),
  25. 25.
    Tele Atlas North America, Inc. Geocode website,
  26. 26.
    Padmanabhan, V.N., Subramanian, L.: An investigation of geographic mapping techniques for internet hosts. In: Proceedings of SIGCOMM 2001, p. 13 (2001)Google Scholar
  27. 27.
    Periakaruppan, R., Nemeth, E.: Gtrace — a graphical traceroute tool. In: 13th Usenix Systems Administration Conference — LISA, Seattle, WA, November 7-12 (1999)Google Scholar
  28. 28.
    Bahl, P., Padmanabhan, V.N.: RADAR: An in-building RF-based user location and tracking system. INFOCOM (2), 775–784 (2000)Google Scholar
  29. 29.
    Castro, P., Chiu, P., Kremenek, T., Muntz, R.: A probabilistic room location service for wireless networked environments. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, p. 18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  30. 30.
    Ladd, A.M., Bekris, K.E., Rudys, A., Kavraki, L.E., Wallach, D.S., Marceau, G.: Robotics-based location sensing using wireless ethernet. In: Proceedings of MOBICOM, pp. 227–238. ACM Press, New York (2002)Google Scholar
  31. 31.
    Wireless geographic logging engine (October 2002),
  32. 32.
    Netstumbler software (October 2002),
  33. 33.
    Cuellar, J., Morris, J., Mulligan, D.: IETF Geopriv requirements (2002),
  34. 34.
    Duri, S., Gruteser, M., Liu, X., Moskowitz, P., Perez, R., Singh, M., Tang, J.-M.: Framework for security and privacy in automotive telematics. In: Proceedings of the second international workshop on Mobile commerce, pp. 25–32. ACM Press, New York (2002)CrossRefGoogle Scholar
  35. 35.
    Snekkenes, E.: Concepts for personal location privacy policies. In: Proceedings of the 3rd ACM conference on Electronic Commerce, pp. 48–57. ACM Press, New York (2001)CrossRefGoogle Scholar
  36. 36.
    Al-Muhtadi, J., Campbell, R., Kapadia, A., Mickunas, D.M., Yi Routing, S.: through the mist: Privacy preserving communication in ubiquitous computing environments. In: International Conference of Distributed Computing Systems (2002)Google Scholar
  37. 37.
    Fasbender, A., Kesdogan, D., Kubitz, O.: Analysis of security and privacy in mobile IP. In: 4th International Conference on Telecommunication Systems Modeling and Analysis, Nashville, TN (March 1996)Google Scholar
  38. 38.
    Narten, T., Draves, R.: RFC3041—privacy extensions for stateless address autoconfiguration in ipv6,
  39. 39.
    Priyantha, N.B., Chakraborty, A., Balakrishnan, H.: The cricket locationsupport system. In: Proceedings of the sixth annual international conference on Mobile computing and networking, pp. 32–43. ACM Press, New York (2000)CrossRefGoogle Scholar
  40. 40.
    Smailagic, A., Kogan, D.: Location sensing and privacy in a context-aware computing environment. IEEE Wireless Communications 9, 10–17 (2002)CrossRefGoogle Scholar
  41. 41.
    Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proc. of the ACMSIGMOD Conference on Management of Data, pp. 439–450. ACM Press, New York (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Marco Gruteser
    • 1
  • Dirk Grunwald
    • 1
  1. 1.Department of Computer ScienceUniversity of Colorado at BoulderBoulderUSA

Personalised recommendations