In Part 2, I showed how the EFF recommends building location systems which don’t collect the data in the first place. How is that accomplished? Cryptographic protocols. One of these is electronic cash . Electronic cash refers to means by which an individual can pay for something using a special digital signature which is anonymous but which guarantees the recipient that the can redeem it for money; it acts just like cash! Transfer of money at places like toll booths and fuel pumps would not be tied to any specific individual.
Another approach would involve the use of anonymous credentials for certain types of passes and access cards. The EFF document provides an explanation:
These give [a person] a special set of digital signatures with which he can prove that he is entitled to enter the [restricted location] (i.e. prove you’re a paying customer) or get on the bus. But the protocols are such that these interactions can’t be linked to him specifically and moreover repeated accesses can’t be correlated with one another. That is, the [restricted location] knows that someone authorized to enter has come by, but it can’t tell who it was, and it can’t tell when this individual last came by. Combined with electronic cash, there are a wide-range of card-access solutions which preserves locational privacy.
Of course, these aren’t the only solutions (though they may become the only ones that are reliable). There is also good old data retention and erasure. If there is no real need to keep location data beyond a short period of time, then it should be deleted. The problem with that approach is that companies who acquire locational data have incentives to keep it. Picture a third-party advertising service that automatically feeds you advertising about local businesses based on your where you are logged in. The data about your movements about town and the planet are valuable demographics to use in highly targeted ad campaigns.
In the end, the real concern is with government:
…there’s no guarantee that a government won’t suddenly pass a law requiring … companies and government agencies to keep all of their records for years, just in case the records are needed for “national security” purposes. This last concern isn’t just idle paranoia: this has already happened in Europe, and the [United States Government] has toyed with the same idea…
In the long run, the decision about when we retain our location privacy (and the limited circumstances under which we will surrender it) should be set by democratic action and lawmaking.