Transparency in the use of data coupled with development of trust will go a long way in addressing privacy issues in spatial data sharing, opines Dan Shannon
Privacy and Location is a growing concern. Steve Swazee, Executive Director of Shared Geo, notes there’s been a significant rise in the number of articles in the mainstream media regarding Geospatial Information & Technology privacy issues. It’s been widely reported that Google, for example, has faced legal action related to collection of data over public WiFi networks in several countries. In the USA, Attorneys General of several states have sought clarification from Google regarding data they’ve collected and the intended treatment of that data.
Google has generally been quick to reply. However, not all groups have been placated by Google’s responses, including advocacy groups such as EPIC, the Electronic Privacy Information Center, which notes that Google’s Street View collection techniques violated national privacy laws in countries such as Switzerland, France, New Zealand and the United Kingdom.
Facebook also came under fire last year from the American Civil Liberties Union over privacy issues arising from its Places feature. Control, or lack thereof, was the primary issue in that case, where users of the application could ‘tag’ others without that person’s knowledge or consent, thus compromising a person’s right to privacy.
Challenges to Google Street View data collection have been along similar lines. Mass collection techniques are employed to collect information about people and their property without the consent of individuals. In many ways this is not a GIS issue at all. The same concerns have been around for years relative to the use of video to collect images of citizens in public areas, often by municipalities seeking to curb undesirable activities in public areas such as parks and transit terminals. Traffic radar and intersection cameras have also been challenged on the basis of privacy violation when images collected for the stated purpose of recording moving violations have inadvertently exposed citizens in vulnerable situations. Other than the fact that all of these activities take place somewhere, there is nothing uniquely geospatial about them or to the related privacy issues.
Privacy issues such as this are a GIS issue when one considers the potential sanctions and restrictions which could face practitioners in the industry resulting from the reaction to the potential uses and feared abuses of information presented in applications such as Street View and virtual globes. To date, firms such as Google have responded to concerns voluntarily by blurring faces and license plates in Street View, for example. Concerns persist, however, regarding how information is being collected and retained for potential future, undetermined, purposes.
It should be noted that this type of data is not new nor was it non-existent prior to the explosion in popularity of web maps and virtual globes in the mid-2000s. Aerial imagery has been publicly available on municipal websites for years previous. So why has the privacy issue specifically related to this kind of data become such a prominent issue?
It would seem that it is the popularity of the delivery mechanisms rather than the data itself that has triggered a backlash. The ubiquitous nature and ease of access to the information has brought the issue to the fore. It has made privacy concerns that would have previously been more theoretical in nature more substantial. Images on specific, less trafficked websites offered a version of ‘security through obscurity’ or in this case ‘privacy through obscurity’ if you will. In contrast to individual, geographically specific repositories of spatial information, the most heavily trafficked of today’s websites provide seamless worldwide coverage. They constitute, and perhaps epitomise, what Canadian Marshall McLuhan was referring to in 1960 when he coined the phrase ‘global village’. In this very public forum where everyone is a constituent, potential damages can more readily be seen to be tangible.
In the United States, rulings regarding the use of GPS data in Automated Vehicle Location (AVL) applications have been inconsistent with different jurisdictions allowing or disallowing different uses of GPS vehicle location information.
A landmark Canadian ruling in 2006 resulted from a complaint lodged by employees of a national telecommunications company whose field services employees complained that the use of GPS units installed in company vehicles was an invasion of their privacy. Federal Privacy Commissioner Janice Stoddart ruled that the company could continue to use the GPS vehicle tracking devices and applications, but cautioned that this did not give employers ‘carte blanche’ to engage in ubiquitous monitoring of employees with the technology. The key issue in Commissioner Stoddart’s ruling was that of transparency. Not only must employers clearly specify upfront with employees what data will be collected and what it will be used for, she said, but in addition employers must ensure that the data is indeed used only for the stated purpose. The Privacy Commissioner explained in her ruling that GPS data could be used for purposes beyond safety and dispatch efficiency and could include purposes such as managing employee productivity. However, it would have to be demonstrable that there were no equally effective, less obtrusive alternative methods of gathering the necessary information.
Interagency spatial data sharing
Privacy and control issues don’t disappear when we own the geospatial information. There are many challenges facing governments and utilities when they contemplate sharing geospatial information over which they wish to maintain control. Business activities are highly integrated, and an organisation’s Geospatial Information System (GIS) is only as effective as its capability to integrate its information with data from other firms and agencies.
GITA’s white paper “The Geospatial Dimensions of Critical Infrastructure and Emergency Response: Spatial Infrastructures” highlights the need to overcome the reluctance to share geospatial infrastructure data. An SDI, including the agreements documenting terms, appropriate use and liability, is the mechanism for enabling the sharing of spatial data.
The challenge is getting parties to actually work through, define and agree upon a technical and procedural model for collaboratively sharing spatial information, and to ensure that this SDI is in place and operational before an emergency situation arises.
The Integrated Cadastral Information Society (ICIS) in the province of British Columbia in Canada is an interesting example of what has become recognised as a model for effective geospatial data sharing: Data Sharing and License Agreements – sharing data with competitors, building a relationship and essentially overcoming privacy concerns on how shared spatial information is being used.
Former ICIS General Manager, Pete Flagg, says key roadblocks the society faced in sharing spatial data were fear of misuse, liability and being able to strike a balance of benefit versus risk. Flagg makes the case that there are direct linkages between perceived risks and benefits and that few benefits aren’t associated with specific risks. He suggests that any organisation proposing to share spatial information should ensure they address, and communicate, the risk mitigation strategies to be undertaken. Risks should not be ignored but neither should they become a roadblock preventing sharing of spatial information.
In a 2008 white paper Flagg provides an interesting comparison of risks and associated benefits of sharing spatial information:
Current ICIS Executive Director, Barry Logan, acknowledges the importance of developing rigorous Data Sharing & License Agreements, and ICIS has done that. However, he suggests that interagency data sharing will not overcome the concerns and inherent aversion to risk that stifle most collaborative efforts without paying careful attention to two other key factors.
First, Logan suggests, governments and utilities must have a clear and agreed upon business purpose for spatial data sharing. It is not enough to simply think that spatial data exchange is generally a good idea. Specificity will drive progress.
Second, be patient, take time to listen to each other, and take time to develop a relationship. Much early hesitancy related to privacy and control issues between members became non-issues as ICIS member firms developed a better understanding and increased level of trust in each other.
This is consistent with the findings of GITA’s Geospatially Enabling Community Collaboration (GECCo) workshops the association held in various cities in the United States in the past several years. The Tampa GECCo stakeholders’ experience was typical. Of the 37 barriers to spatial data exchange that group identified, only 7 were in any manner technological. With modern spatial tools and software, what stands in the way of collaboration doesn’t appear to be a lack of technology, but rather the lack of functioning frameworks for spatial data sharing.
Personal privacy and location
There is, however, a big difference between voluntary collaboration between governments and utilities to share spatial information under the protection of Data Sharing and License Agreements, and the aggregation and re-purposing of location information gathered without informed consent from members of the public.
The core issue remains much the same as articulated by ICIS – “perceived risk”, particularly where there is a lack of control over that information. Much has been made recently, for example, of the ability to monitor the individual movements of members of the public based on the location information passively provided by their cellular communications devices. There have been several incidents that would seem to confirm that the public’s concerns are reasonable.
The American Civil Liberties Union recently challenged the Michigan state police, for example, on their use of scanning devices capable of extracting information from cell phones. While not strictly geospatial data at issue here, the fact that in this case the police were not forthcoming about the intended use of this collected data again highlights the concern over intended use, and the lack of control over this kind of data once others collect it.
In some instances, the perceived risk may not fully align with the actual risk to privacy. United States senator Al Franken was quoted recently in an Associated Press article by Jordan Robertson as saying that Apple devices which log users’ location coordinates raise “serious privacy concerns” for children using the devices because “anyone who gains access to this [location log] file could likely determine the location of a user’s home, the businesses he frequents, the doctors he visits, the schools his children attend and the trips he has taken.”
Ubisense VP Pete Batty put some of those concerns to the test recently, when he analysed the location information from his mobile devices and determined that what was being stored was actually just cell tower and WiFi locations and that “many of the concerns expressed about this data are simply not valid: it cannot be used to determine where you live, work, go to school, or who your doctor is.”
The common thread through these situations we’ve discussed is that of transparency. It is interesting to note that just as ICIS experienced success through collaborative relationship building, an open dialogue goes a long way in defusing fears while a reluctance to communicate will inevitably put people on their guard. For those in the geospatial industry the lesson is, in the end, simple. Say what you’ll do, and do what you say.