GeoData Policy

 

From the All Points Blog, April 10, 2009

Privacy, Security Cameras and Location Information

Bill Johnson sent on a newsletter that included a valuable article about privacy, security cameras and location information. I finally found a version on the Web. It’s titled: Surveillance of Public Spaces: A Privacy Issue? by Don Peppers & Martha Rogers, Ph.D.  …

For full blog post: All Points Blog

For full text of article: Surveillance of Public Spaces, 1to1 Media

If this is of interest, check out the research of Torin Monahan at ASU on the social impact of surveillance technology:

Experiences of Surveillance Technologies in Gated Communities and Public Housing

The use of modern surveillance technologies to monitor public activities presents difficult challenges to policymakers and citizens, especially in a post-9/11 world. Central to the debate over surveillance technologies are the oftentimes conflicting goals of safeguarding democratic freedoms from criminal or terrorist threats and from technological intrusion. Focusing specifically on surveillance technologies in public and semi-public places of residence, this project will make an empirical contribution to this ongoing debate by documenting experiences of surveillance technologies. This project will explore the use of modern surveillance technologies(specifically closed circuit television (CCTV) systems) in two very different places of dwelling and social interaction: gated communities and low-income public housing. Research sites will include 3 gated communities and 3 public housing complexes in the Phoenix metropolitan area. Throughout 12 months of field research, 90 interviews will be conducted to identify differences in public experiences of video surveillance across and within these settings.

The guiding questions are 1) what meanings do people attribute to surveillance technologies in places of residence?, and 2) how do people come to understand others through the presence of surveillance technologies? The emphasis of this study will be to identify patterns in experiences of surveillance technologies. Secondary attention will be given to the actual design and distribution of surveillance systems in order to determine how they vary across spaces and whether or not perceptions and behaviors vary according to the types of systems present.  … 

For full text, link here.

Interested in learning more? Check out the book –  Surveillance and Security: Technological Politics and Power in Everyday Life

A federal court ruled September 10th that stored cell phone location information is protected by the Fourth Amendment.  The court said the government needed a warrant, based on probable cause, in order to gain access to stored cell phone location information.  Other courts have required probable cause for law enforcement access to real-time cell phone location information; however, this decision is particularly important because it extends the probable cause requirement to stored location information.  The Electronic Frontier Foundation, joined by CDT, ACLU and the ACLU of Pennsylvania, had argued for the warrant requirement that the court adopted in an amicus curiae brief filed in July. September 11, 2008

Federal Court Decision [PDF], September 10, 2008: http://www.eff.org/files/filenode/celltracking/lenihanorder.pdf

Amicus Brief in the Case [PDF], July 31, 2008: http://www.cdt.org/security/20080731_lenihan_amicus.pdf

Source: Center for Democracy & Technology, September 11, 2008

Barack Obama’s Technology Position

In his Technology position, U.S. Presidential candidate Barack Obama comments on need to ensure an open Internet and on the importance of creating a transparent and connected democracy. This includes:

Making goverment data available online in universally accessible formats to allow citizens to make use of that data to comment, derive value, and take action in their own communities. Greater access to environmental data, for example, will help citizens learn about pollution in their communities, provide information about local conditions back to government and empower people to protect themselves.

Establishing pilot programs to open up government ecision-making and involve the public in the work of agencies, not simply by soliciting opinions, but by tapping into the vast and distributed expertise of American citizenry to help goverment make more informated decisions.

Interactive, dynamic web-mapping anyone? Looks like a great opportunity for those in the field of participatory mapping and public participation GIS (PPGIS)!

Obama also commented on the need to protect our privacy in an age of increased computing power, decreased storage costs, and huge flows of information. Obama supports updating surveillance laws, and notably remarks on the need to protect our location privacy.

Obama will also work to provide robust protection against misuses of particularly sensitive kinds of information, such as e-health records and location data that do not fit comfortably within sector-specific privacy laws.

John McCain’s Technology Position

U.S. Presidential candidate John McCain’s Technology Position emphasizes the need to encourage investment in technological innovation, to improve high-speed Internet access for under-served communities, to ensure an educated workforce in science and technology – in which we’re lagging behind China and India, and to keep the Internet free from unnecessary goverment regulation.

McCain’s Personal Security and Privacy Position comments on the role of government and industry in protecting citizens’ personal security and privacy:

Government — Government must promote a culture of personal security through consumer education initiatives, incentives for the development of secure technologies, and stronger enforcement of laws to protect our citizens, particularly children.

Industry — American industry must continue to lead the world in the development of more secure technologies and responses to new threats. Among other things, industry must exert appropriate efforts to protect sensitive personal information and prevent unintentional loss or theft. Industry also must pursue effective self-regulation and continue informing and educating consumers about the collection and use of personal information.

Report on Presidential Science Advice

Also worth looking at is a new report on Presidential Science Advice, published by the Center for the Study of the Presidency, Study Group on Presidential Science and Technology Personnel and Advisory Assets.

The Center for the Study of the Presidency has completed its report Presidential Leadership to Ensure Science and Technology in the Service of National Needs: A Report to the 2008 Candidates. The report contains a number of recommendations intended to be seriously considered by the presidential candidates’ staffs before and during transition planning, in order to strengthen the S&T advice provided to the President and federal agencies.

Source: AAAS Policy Alert, August 20, 2008

 

Here are two stories in the news this past month regarding tracking the locations of mobile phones:

Is the Government Tracking Us Through Our Cellphones? Lawsuit Seeks Answers

 

By Matt Richtel

 

How widely is the U.S. government using cell phones to pinpoint the locations or track the movements of Americans, or people living on American soil?

 

In November 2007, the American Civil Liberties filed a Freedom of Information Act request with the Department of Justice seeking records related to such tracking practices. The DOJ did not provide the requested information, the ACLU said.

 

And so Tuesday, the ACLU and the Electronic Frontier Foundation filed a lawsuit in federal court to try to force the DOJ to comply.

 

In a press release, the ACLU said that the information about how and how often the government tracks Americans using cell phones needs to come to light to determine if the efforts are unconstitutional.

 

The ACLU said it filed the initial data request after media reports showed that some government officials were claiming not to require “probable cause” of a crime being committed before getting court permission to do real-time tracking of cell phones.

 

Source: Matt Richtel, New York Times Bits Blog, July 1, 2008

 

For full text of the article: http://bits.blogs.nytimes.com/2008/07/01/is-the-government-tracking-us-through-our-cellphones-lawsuit-seeks-answers/index.html?ref=technology

Attorney Patrick Mueller forwarded the following story:

Northeastern University researchers observed the travel patterns of 100,000 cell phone users without their consent for a physics study published yesterday, says an Associated Press report. The study tracked individuals by noting which cell phone towers picked up their signals when they made or received calls or text messages over a period of six months. Co-author of the study Cesar Hidalgo said that knowing people’s travel patterns can benefit society in terms of designing better transportation systems and fighting diseases. But some say this type of nonconsensual tracking is troubling. “There is plenty going on here that sets off ethical alarm bells about privacy and trustworthiness,” said Arthur Caplan of the University of Pennsylvania.

 

Source: Seth Borenstein, Associated Press, June 4, 2008

 

For full text of the article: http://www.theglobeandmail.com/servlet/story/RTGAM.20080604.wgtcellstudy0604/BNStory/Technology/

See also: http://www.geoplace.com/ME2/dirmod.asp?sid=&nm=&type=Publishing&mod=Publications%3A%3AArticle&mid=8F3A7027421841978F18BE895F87F791&tier=4&id=8F161EEEB3F947659F77EBDB4BE86377

I just stumbled upon a link to Dr. L. Joe Morgan, who completed his PhD dissertation titled Attitudes toward spatial privacy in the United States of America (April 2007) under the supervision of Professor David M. Mark, Department of Geography, University at Buffalo, The State University of New York. Also note his paper New Dimensions in Privacy: Spatial Privacy in the Geographic Information Age.

In License Plate Recognition Systems Extend the Reach of Patrol Officers (April 2008, Government Technology), Jim McKay reports on the benefits, barriers, and potential hazards of license plate recognition systems. 

Already well established in the United Kingdom, where by some estimates citizens are filmed more than 300 times a day, license plate recognition systems are now spreading across the United States. These systems are comprised of a camera mounted on police squad cars and an optical character recognition (OCR) processor, which reads the data and compares it against numerous violations databases. Automated license plate recognition systems (ALPR), for example, have enabled officers to identify stolen vehicles and to track vehicles used in kidnappings and hit-and-runs.

According to Charlie Beck, Chief of Detectives, Los Angeles Police Department, these systems “recover four to five times the number of vehicles an officer would recover.” But, this is just the beginning, Beck notes, “[a]s an investigative tool, it has unlimited potential…The real value comes from the long-term investigative use of being able to track vehicles – where they’ve been and what they’ve been doing – and tie that to crimes that have occurred or that will occur [emphasis added].”

Los Angeles is also using license plate recognition systems as a tool for parking enforcement. When combining ALPR unit with GPS, the system can track which cars have been parked for more than the permitted time period. Beck adds, “It’s a big boon for them, [b]ut the investigative boon for us is they will collect all this data from the cars that were parked, so you have this huge advantage. If you have a rape, burglary or some other crime in the area, the detectives can search the system to see if there’s any data involving the cars that were parked there.”  But, why stop there. These systems also are being used to find tax cheats, among other scofflaws, notes Brian Shockley, VP of marketing for PIPS Technology, which manufactures and distributes ALPR technology.

Needless to say, privacy is a real concern. Andrew Blumberg, a Samelson postdoctoral fellow at Stanford University, comments, “The real potential for danger is collecting a tremendous amount of information, which can then be used, very inexpensively, to do speculative data mining based on searches for target people for various kinds of extra-judicial harassment.” Further, most agencies retain this information for extended periods for investigative purposes. Beck cautions, “This is the future, and we can either figure out good ways to use it, put good restrictions on it, make sure it’s used by people who have a reason and authorization to use it, or it will grow wildly on us.”

Source: Government Technology

For the full text of this article, see http://www.govtech.com/dc/articles/282014

Location Privacy Patent

On May 16, 2008, a California District Court found Sprint Nextel Corporation liable for infringement of two patents to the tune of $2.78 million in damages. The patents, owned by intellectual property-holding company Enovsys LCC, relate to a system designed to protect the disclosure of a cell phone’s precise location.

Source: GPS World (May 21, 2008)

Location-Based Services Privacy Best Practices

On a related note, CITA – the Wireless Association announced its Best Practices and Guidelines for Location-Based Services (LBS), which encourages Location-Based Service (LBS) Providers to promote and protect  customers’ location privacy. Specifically, these guidelines focus  on user notice and consent:

LBS Providers must inform users about how their location information will be used, disclosed and protected so that a user can make an informed decision whether or not to use the LBS or authorize disclosure; [and,]

[O]nce a user has chosen to use an LBS, or authorized the disclosure of location information, he or she should have choices as to when or whether location information will be disclosed to third parties and should have the ability to revoke any such authorization.

While these guidelines provide examples of how the above two tasks might be accomplished, they unfortunately provide almost no discussion of the physical, technical, and administrative safegaurds needed once this data is collected. The possible privacy impact of data of long-term retention and storage is not discussed. 

Location Tracking

Peter Batty, in his blog geothought (June 14, 2007), asked hypothetically:

As location tracking becomes increasingly pervasive, in particular through location aware phones, defining appropriate policies and law in the area of privacy will be very important. For example, if you are in a car accident, should the police and/or your insurance company be able to access information from your phone (or the GPS system in your car) which could show them whether you were speeding or not? There are a lot of complex issues in this area, with no easy answers.

Kevin Pomfret, in his post But Do You Have A Reasonable Expectation Of Privacy With Your Cell Phone? (June 25, 2007), replies:

There have been a number of recent cases involving the attempted use by the government to use the specific and articulable facts standard in the Stored Communications Act to collect spatial data associated with electronic transmissions. …Specifically, the government has tried to use Section 2703(c) to collect “a record or other information pertaining to a subscriber to or a customer of such service”. In [these] three instances the government was attempting to use the reasonable grounds standard under Section 2703(d) of the Act in order to obtain cell site data to track a customer’s location in real or near real time rather than the higher probable cause standard that would be required to obtain approval to use a more standard tracking device to monitor a suspect’s movements. However, in each case the court found that the government needed to have probable cause in order to compel disclosure of the cell tower data.

Visit Kevin’s Spatial Law blog for more analysis on this topic!

Bruce Schneier, security guru and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World, calls for U.S. comprehensive data privacy law in his article, “Our Data, Our Selves” (Wired Magazine, May 15, 2008). Nellwal, another data security expert and whistle blower, concurs in the “The Whislter Ear” blog; “[n]ational legislation,” Nellwal comments, ”is slow in coming, the court systems are refusing to punish negligent companies that lose consumer data, and the agencies who regulate data protection and trafficking do little if anything to protect us.” See also Schneier’s blog: http://www.schneier.com/blog/

Unfortunately, as a nation, we seem to be complacent about out privacy. When asked, we express the desire to protect our privacy; but in action, we share our information freely for coupons at the grocery store. As individuals, we don’t take the time to question whether we are required by law to provide our information, to evaluate how this information will be used and aggregated, and to consider who will have access to it. When I talk to friends and colleagues about the issue, they frequently presume that our privacy rights are protected under the law and by the courts. After reading court opinions, however, they are shocked. The law has not kept up with technological change, and the courts frequently assume that technological change – “progress” – is always good. Further, the courts do not thoroughly consider cultural, gender, generational or personal differences in what is considered a “reasonable expectation of privacy,” which is often the relevant legal standard by which the courts base their opinions.

As data professionals, we collect more information than we need because we can. Then, we get function creep (e.g., see yesterday’s posting on license plate tracking)! We have lots of data at our fingertips, so we inevitably use it for purposes other than that for which it was originally collected. We need to recognize that the policies we establish to handle data are as important in protecting our information as the technical controls we implement (e.g., Anderson, R., Security Engineering: A Guide to Building Dependable Distributed Systems). 

We may have competing values and interests, such privacy, the public’s right to know, free speech, value of public information, demand for convenient access, ease of Internet publication, tools for data mining, integration, and analysis, ability to profile and locate individuals, and the need for emergency management (Holland, W., Tension- Individual Privacy in the Age of the Internet and Insecurity, Fair & Equitable, February 2007, p. 12; see also Regan, P., Legislating Privacy); but, as a society, we need to do a better job of balancing these interests. We must recognize that privacy is a necessary ingredient of autonomy and freedom. 

Location / Spatial Privacy

Over the next decade, information collected through RFID and micro/nano-sensor technologies will be analyzed and displayed using geospatial technologies and served up over the Internet (e.g., distributed sensing through Sensor Web), impacting our privacy in new ways.

For a great sociological and legal discussion of privacy as it relates to geospatial information and technology, refer to Michael R Curry’s “Chapter 7: The Digital Individual in a Visible World” in his book Digital Places: Living with Geographic Information Technologies; for a historical perspective, check out Mark Monmonier’s Spying with Maps: Surveillance Technologies and the Future of Privacy. Also see Kevin Pomfret’s discussions on spatial privacy on his blog Spatial Law.

References

For more on data privacy, also see the following books:

• Agre, P., and Rotenber, M., Technology and Privacy: The New Landscape
• Albrecht, K. and McIntyre, L., Spychips: How Major Corporations and Government Plan To Track Your Every Purchase and Watch You Every Move
• Branscomb, A., Who Owns Information: From Privacy to Public Access
• Garfinkel, S., Database Nation: The Death of Privacy in the 21st Century
• Holtzman, D., Privacy Lost: How Technology is Endangering Your Privacy
• O’Harrow, R., No Place to Hide
• Regan, P.,  Legislating Privacy: Technology, Social Values, and Public Policy
• Rule, J., Privacy in Peril
• Solove, D., Rotenberg, M., and P. Schwartz, Privacy, Information, and Technology
• Solove, D., The Digital Person: Technology and Privacy in the Information Age