Congress is looking at GPS security.

Professor Matt Blaze, University of Pennsylvania, has written a paper as testimony for the hearing on the Geolocation Privacy and Surveillance (GPS) Act. Congress is looking at ways to balance private information and terrorist threats. His paper describes that carriers are gaining much better private information not from GPS, but from cell sites.

In it he makes a good point about privacy information (think CPNI) and the access that wireless carriers to that information. In this instance, it is our locations, even when the phone is not being used. Basically it goes like this… our cell phones are constantly transmitting to the nearest cell tower/site. Because of network demand, carriers are putting micro-cell sites to handle the bandwidth needed for LTE and 4G services. The higher concentration of micro-cell sites translates to being able to track your location and movements more precisely and reliably than GPS.

This information is stored as Call Detail Records (CDR's). While the US government takes steps to protect consumer's proprietary network information and CDR's are a part of this protection, my concern is that as growth of mobile device usage goes up, theses CDR's are becoming our personal log files, tracking not only our online activity, but where we go and when we went there. The logs files will be used to correlate behavior, not only on the macro level, but on an individual level. And carriers, government agencies and black-hats will have access this information.