If I were a criminal I would create a smart phone app which would give me the possability to geographically and socially track policemen. Here some background on this thought.
Yesterday I was sitting in the German summit on “Facebook Goolgle & Co – Chances and Risks” (which I will blog about soon) But today during my train trip to the second day of the summit I was sitting in the train talking to a very friendly police officer. He agreed with what was said on the summit. The police is using social networks to find potential criminals. They also use cellphone tracking together with mobile providers to find people they are looking for. Nothing new and special so far. But now my interesting observation.
The police officer proudly told me that he is not using any social networking service because he enjoys his life in privacy. I understood that he believed this to be necessary in his job. By telling me this he was holding his iPhone in his hand. Again this shows one of the most crucial parts in this entire privacy discussion. Even highly educated people often lack an understanding of how much private information they implicitly give to third parties.
So I asked him if he used it during work times and he told me that he did since only mobile providers would know where he is and they could not give away data that easily. I was amazed! A policeman using an iPhone during work. That is such a security lack. If I were a terrorist organization I would create an iPhone and android app (or if possible an open mobile html5 app like Tim Berners Lee suggests <– you see the ethics overwhelm I am just not a criminal (-:). I would design this app in a way to support policemen. Help them communicate or have a cool map integration anything that was useful for the police. In this way I would create a database with real movement data of policemen. This data I could use for a different service similar to http://girlsaround.me/ displaying the current position and face of policemen (including if requested a list of people they recently communicated with including their phone numbers) on a map to anyone of my terrorist organization. The police just could never catch me since I would always know where they are (without asking any mobile provider!) I could even give them fake phone calls pretending I am one of the people they recently communicated with inputting them false information or just distracting them.

Of course this setting is only half realistic:

• Every policeman would have to have a smartphone and use it during work time
• Every policeman would have to install the app of the criminal
• The criminal can distinguish between policemen and other people using the app (should be possible with data mining)
• The criminal can decide weather the policeman is currently working or in leisure time

But it should show and demonstrate the dangers…

To conclude:

We have to disallow policemen to use private smart phones during work! Or if they do so they must not install any applications from a source they don’t trust. And here is the crucial point. Who to trust and who not? Trust usually is created through social ties. So if the app is there and some policemen like the service and recommend it to their coworkers trust is created. Who does really ask about the source of an app and about who is running/owning the data servers. A service that is well known on the web can easily run by 2 or 3 people and even if they are nice it is easy to manipulate or blackmail them in order to get access to these very sensitive data.
And on another more technical topic: We need a decentralized mobile space. There has to be a frequency on which people are able to set up their own transmitters and create decentralized mobile networks. It is a shame that those frequencies are all owned by companies creating centralized services.
By the way this would be a good solution since it would also enable the police to have their own decentralized mobile networks giving them privacy against third parties!

Disclaimer:

I never thought I would write an article in this paranoid way telling people what is possible and where the risks are. I almost feel like a member of ccc, anonymous or finally like a real pirate. But one year of PhD in a very data driven environment having social networks, information retrieval and the web as a focus really makes me understand more and more what is possible (in particular easy to achieve). Also the low awareness of society about these dangers (probably due to the complex technologies) overwhelms me and makes me feel like I have to act and at least inform people.
To bad that mostly people who are already aware of these topics read my blog. Maybe I have to go geek and create this app to demonstrate the functionality in order to really rise awareness. There are just too many interesting things to do during a PhD program so I think this time only writing about this has to be sufficient.