The privacy implications of using location-based services--which are just now appearing in the United States--are huge, but the companies seem to have made most of the right choices for privacy.
Here's how it will work, says Cyriac Roeding, executive vice president at CBS Mobile: First, you must opt in (sort of) by enabling the use of location-based services for purposes other than just emergency 911 on your phone. What such services will be called and the steps for allowing them will vary by handset and provider, but the setting will be general and won't mention ads.
If your carrier and you agree to use Loopt, the service will obtain location data from the phone, using cell tower triangulation instead of GPS. At first, only Sprint and Boost Mobile customers will get the service, via CBS Sports Mobile and CBS Mobile sites viewed in their phone's browser. Loopt substitutes a location-based advertisement (for a nearby eatery, say) in place of the potentially less-relevant ad that would otherwise appear on those pages.
Now for the privacy measures: Roeding says that the Loopt/CBS Mobile process won't associate phone location data with the user (by sending a phone number or account name with the location, for instance) and that the service won't save anyone's location data.
These are good moves from a privacy standpoint, as is the decision to substitute only for ads that would already appear. If I have to see an ad anyway, it may as well be one that might turn out to be relevant. So I agree with Ari Schwartz, deputy director for the Center for Democracy and Technology, who says that--though they could do better--the companies are, for the most part, approaching this correctly. Ideally, a phone user should get an indicator, such as a small icon on the phone, to alert them when location data is being used to deliver an ad. And the user should have the option to change that setting on the fly, Schwartz says.
But it certainly could be worse. By coincidence, I received an AT&T ServiceGram while I was researching this column. The letter said that AT&T wanted to share my data on the services I purchase and how I use them (but not my phone number, name, or address) among AT&T companies for marketing purposes. And the kicker: Unless I explicitly said no, by visiting a Web site or by mailing a reply back, AT&T would have its way with my data.
An opt-out (versus opt-in) policy is a lousy way to gain approval for using private data, and frankly it ticks me off. The risk implicit in location-based services is that a company will bring that cavalier, consumer-unfriendly attitude to something as deeply sensitive as where we are each moment of the day.