Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Baker & McKenzie Cyberspace Law & Policy Centre, University of N.S.W.
Visiting Fellow, Department of Computer Science, Australian National University
Notes prepared for the Information Privacy + M-Commerce Symposium, Queen's University, Kingston Ontario, 31 May 2003
Version of 27 May 2003
© Xamax Consultancy Pty Ltd, 2003
This document is at http://www.anu.edu.au/people/Roger.Clarke/EC/MTechno.html
This document provides an overview of what the much-typed but highly ambiguous term 'M-Commerce' might mean. It was prepared as an early section of an uncompleted paper on 'M-Commerce and Privacy', invited for a conference in Kingston Ontario in May 2003.
As with any new technology, a great many commentators talk through their hats. An analysis is worth very little, unless the analyst has informed themselves about the relevant technologies in sufficient depth that they can be confident about their assessments of the technologies' characteristics and implications. This paper offers a contribution towards the necessary understanding of key technologies that underlie M-Commerce.
The term 'mobile technology' is commonly applied to a cluster of different techniques whereby a device can conduct communications without the need for a physical cable to connect it to any other device or network. During the act of communication, the device may need to be relatively still, or confined to a small area. Alternatively, it may be able to move, and even to move at considerable speed, during the act of communication. In some cases, it is imperative that the device moves at speed, because its operation depends on current induced by the transit of a coil that it contains through a magnetic field created by some nearby static device.
The following is a conventional, fairly pragmatic classification of such technologies, including some contemporary examples:
The various levels of network can be bridged, in order to provide access between any device and many other devices on many other networks.
When considering consumer and privacy impacts, two fundamentally different contexts need to be considered:
Dealing with the former context first, there are several circumstances in which the mobile party discloses little or no location data to other parties.
A very common context is where only one-way communications exist, with no back-channel from the mobile party. One example is the broadcast of messages to many recipients across a large cachement area, as is the case with both broadcast television and radio, and many satellite services. An important special case of this is the passive use of GPS by a mobile party in order to compute their location.
There are several contexts in which two-way communications exist, but there is nonetheless no disclosure of positional data by the mobile party. These include the following:
There is a variety of circumstances in which the mobile party discloses information about their location to other parties.
A mobile party may expressly disclose their location to another party, as part of the content of the communications. This act may be voluntary or involuntary, conscious or inadvertant, and freely offered or induced. For a discussion of consent in electronic contexts, see Clarke (2002).
Since the 1990s, information about a caller's location is communicated to recipients through disclosure of caller-ID from fixed phones. CND/Caller-ID has been established by most telcos and PTTs around the world as default-on / opt-out / non-consensual, because it was in their commercial interests to do so, and regulators and parliaments failed to act in the public's interest to impose default-off / opt-in / consent-based schemes.
In most national numbering schemes, the prefix of the calling number discloses the caller's location to within a few kilometres (in urban areas) or a few hundred kilometres (in relatively remote areas). In principle, the remainder of the number discloses nothing. But where the recipient of the call has access to 'reverse white-pages' functionality and the number is 'listed' in whatever database the recipient is working from, it is likely that it also discloses street-address and subscriber name. Many national operators (such as Telstra and Sensis in Australia) refuse to disclose the proportion of subscribers who pay to 'go ex-directory', but in Australia it is rumoured to be 20%, and in Los Angeles as high as 50%.
Another leakage of location information is through disclosure of the cell from within which a mobile party is communicating. It is an operational necessity for this data to be known by 'the network'. At present, it would appear that this data is not generally accessible to other parties, other than law enforcement agencies in particular circumstances defined by laws within the particular jurisdiction. But there are very likely to be business incentives for it to become more widely accessible, and where regulatory constraints exists they could be bought off, as they often have been in the past.
There are moves afoot to achieve disclosure of a more precise location within the cell from within which a mobile party is communicating. This would appear to be feasible through at least three technical means:
Alliances of telcos, telco technology providers, consumer marketing corporations, law enforcement agencies and national security agencies have been working on this for many years. They have used as a blind the application of such a technology to emergency services, with cars trapped in snowdrifts featuring strongly in the public relations campaigns. Only the investment required appears to have held the initiative back.
A further approach is self-identification by devices as they pass by detectors of various kinds. For example, taxis and trucks carry devices that transmit vehicle-identifiers to receivers installed at strategic locations such as major intersections.
Smartcards using non-contact chips include a coil. When the card passes through a magnetic field, current is induced in the coil, and a short message can be broadcast, and picked up by a nearby device designed for that purpose. Smartcard-based public transport payment cards apply this technology. Where the payment card is designed so as not to be associable with the person who is carrying it, the technology provides an efficient and unthreatening tool.
But unfortunately such cards can in many cases produce an identified data trail. Transmission of a chip-ID of perhaps 128 bits may be quite adequate to achieve this, provided that an index exists that ties the chip-ID to the artefact that it's embedded within (e.g. a person's credit-card, driver's licence, or passport), or some other basis can be contrived to relate the artefact to a person. RFID (radio frequency identification) tags are a minituarised version of this kind of ubiquitous surveillance, whereby the chips are extremely small and can be embedded in, for example, Benetton clothing. For an investigation of implications, read Neal Stephenson's 'Diamond Age'.
Go to Roger's Home Page.
Go to the contents-page for this segment.
Send an email to Roger
Created: 15 May 2003
Last Amended: 27 May 2003
|These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).|
| The Australian National University|
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Pty Ltd, ACN: 002 360 456|
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916