Every move you make, they'll be watching you

The digital trail from geolocation technology means anyone can track where you took that photograph. In at least one case it gave terrorists a surprise advantage.

Many smartphones on the market come equipped with GPS chips, cameras and wireless internet access. Kainaz Amaria / Bloomberg News
Powered by automated translation

Sophisticated location-based technology now routinely incorporated into smartphones and cameras is exposing people and businesses to a growing danger.

There is increasing evidence of the risks inherent in the widespread use of geolocation technology, which uses a small but powerful global positioning system chip set that routinely reports a device's exact location using cutting-edge satellite technology.

The full danger of the casual use of modern geolocation technology was first grasped by the military. In 2007, a new fleet of helicopters arrived with an aviation unit at a base in Iraq and some soldiers took pictures of themselves.

From the photos the servicemen innocently uploaded to the internet for the enjoyment of friends and relatives, a hostile force was able to determine the exact location of the helicopters inside the compound and conduct a mortar attack, destroying four of the AH-64 Apaches.

But the IT security industry is now warning that businesses and consumers are also at risk as a result of the digital electronics industry's blind rush to sell devices incorporating GPS chips.

Any technology that acts as a 24-hour tracking device poses risks for those vulnerable to crime, such as women travelling alone or wealthy individuals exposed to the threat of robbery or kidnap.

But even if people use legitimate but still largely unregulated geolocation services, such as the mobile social networking service foursquare, with caution, they may still be vulnerable to individuals or organisations tracking them without their knowledge.

Few users are aware that uploading a picture on to the internet or simply downloading a software application such as that used to buy an airline ticket online via a smartphone can create a digital trail of the user's movements.

The craze for social networking sites such as Facebook has coincided with the rapidly growing adoption of geolocation technology in consumer devices. The costly 2007 air attack in Iraq showed how easy it is to pinpoint exactly where photographs shared on social networking sites were taken.

Some smartphones already incorporate GPS chips, cameras and wireless internet access all in the same device.

Digital camera makers have also been quick to plant GPS chips in their cameras to enable users to record where pictures were taken. Some even have a dedicated Facebook button on the camera body to allow a photograph to be uploaded instantly. Some smartphones enable users to perform the same operation.

Most users are, however, blissfully unaware that every time a picture is uploaded, anyone posing as a Facebook "friend" can easily find the location of where it was taken.

"A message like 'leaving the house for the airport - Honolulu here we come for two weeks' could turn out to be the equivalent of a 'Burglars check in here' sign," warns Alan Brill, the senior managing director of the cyber security and information assurance practice at the security company Kroll.

Large corporations have even more to lose financially. Corporate executives travelling on mergers and acquisitions business may find their companies beaten to the punch by competitors who determined their travel movements from what the individual had innocently assumed were photographs taken at an anonymous diner or on a beach.

The underlying problem is the way in which the location information is recorded.

It is invariably stored in the same Jpeg software file as the picture itself and can be easily accessed. By quickly and simply downloading a small piece of decoding software, anyone can open up photographs posted on the internet and discover precisely where they were taken.

This danger is amplified in the case of those uploading pictures instantly. Teenagers taking photographs of each other and immediately uploading them on to the internet also reveal their exact location in near enough real time to potential predators.

"The ones that worry me are the non-location based organisations that are bundling in location-based permissions into their apps," says Mr Brill.

Many airlines now routinely ask for permission to track customers via their smartphones before they can download the necessary software application to buy a ticket on their smartphone.

Busy travellers are sometimes reluctant to bother reading the lengthy legalese documents that encompass such permissions on the small smartphone screen and agree without being aware the airline can track their movements. It is as yet unclear how the airlines intend to use this data or who will have access to it.

"My thinking is that they would say it localises the response but I don't fully understand that, as I want it to look and act the same wherever I am," says Mr Brill.

Legal and regulatory authorities around the world are, however, moving too slowly to offer any real safeguards to protect those who unwittingly leave a digital trail of their movements.

Most have so far spectacularly failed to acknowledge, let alone address, the dangers inherent in the widespread global adoption of geolocation services.

Until they do, a growing number of business and consumers are at risk.