Implicit Authorization for Accessing Location Data in a Social Context

Being increasingly equipped with highly-accurate positioning technologies, today´s mobile phones enable their owners to transmit their current position over the cellular network and share it with others. So-called location-based community services make use of this possibility, for example for locating friends or family members. Such services give target persons control about the way location data may be accessed by others. So far, this is done by the target explicitly granting or denying permissions through authorization policies or ad-hoc authorization. Unfortunately, apart from bringing along high management effort, the concept of explicit authorization in such a privacy-sensitive application entails the disadvantage of social difficulties. In this paper we introduce the concept of implicit authorization, where an inquirer is granted access to the required information as the result of a certain activity of the target that is not solely dedicated to managing its own location information. In the proposed realization of implicit authorization, access to one´s own information is granted implicitly by accessing the information of another person. The approach is analyzed theoretically and computationally. It turns out that management overhead is minimized while guaranteeing better social acceptability