Tuesday, June 29, 2010

Locational Tracking and Privacy

The fact that Americans are losing their privacy as they travel through public space due to location-based technologies isn't debatable. The question, as is so often the case when it comes to issues at the intersection of privacy and technology, is what kind of say do we have in the matter and what kind of rules are in place protecting our privacy rights.

The issue of locational privacy has once again resurfaced in a big way of late. Services such as EZ Pass (which lets you pay the bridge toll without stopping), Google Latitude, the GPS tracking of cellphones, the claimed right of police and government to track our whereabouts (both by phone and by car), transit cards, social networking sites, WiFi networks, and more are all opening up a brave new world of real-time locational tracking of Americans.

Before I get to the recently breaking news on this issue, on numerous fronts in fact, I'd urge everybody to check out last year's report from the Electronic Frontier Foundation (EFF) on "locational privacy". The report warns that Americans are losing their privacy as they travel through public space due to location-based technologies and services.

As the report details, "Location-based services that transmit, record, and store where a person is—such as EZ Pass, WiFi networks, transit cards, Google Latitude—can be exploited by government, business, or prying ex-lovers to track and reconstruct where people have been as they go about their daily life."

And what of the common response to worries about locational privacy, or other privacy issues in fact, that posits "I'm not doing anything wrong, why should I care?"

EFF lays out the folly of such a knee-jerk defense of our ever-expanding surveillance state, one that goes beyond the usual concerns of big government or law enforcement overreach:

One answer to this concern is a reminder that there are more subtle reasons for needing privacy. It's not just the government, or law enforcement, or political enemies you might want to be protected from.

• Your employer doesn't need to know things about whether, when, and where you went to church.
• Your co-workers don't need to know how late you work or where you shop.
• Your sister's ex-boyfriend doesn't need to know how often she spends the night at her new boyfriend's apartment.
• Your corporate competitors don't need to know who your salespeople are talking to.

But let me get to the three stories over the past few days that moved me to write on this topic today.

First was a study released by the Worcester Polytechnic Institute (WPI) in Massachusetts, which found that mobile social networks are giving data about users' physical locations to tracking sites and other social networking services. The researchers reported that all 20 sites studied leaked some kind of private information to third-party tracking sites.

In the study, the researchers looked at the practices of 13 mobile online social networks, including Brightkite, Flickr, Foursquare, Gowalla and Urbanspoon. They also studied seven traditional online social networks, such as Facebook, LinkedIn, MySpace and Twitter, which allow users to access their sites using mobile devices.

In many cases, the data given out contained the user's unique social networking identifier, which could allow third-party sites to connect the records they keep of users' browsing behavior with their profiles on the social networking sites.

As the report notes, "The combination of location information, unique identifiers of devices, and traditional leakage of other personally identifiable information all conspire against protection of users' privacy."

Okay, that study struck me as a bit disconcerting. And then I saw this headline, "ACLU: FBI used 'dragnet'-style warrantless cell tracking..."

Now, a lot of what the ACLU asserts in the article I have covered on this blog in the past. Still, there are important reasons why this is all making the news now (though not the big-time news, which it should): there are more and more ways, through more and more devices, to track and store our location, and that data is worth more and more money. In addition, there's a hugely critical court case, being argued as we speak, that could establish whether a warrant is needed BEFORE police or the government decide to track your location through your phone (or car).

As detailed in the article:

To nab a pair of men accused of robbing banks in Connecticut, court documents show the FBI turned to a novel investigative technique last year: warrantless monitoring of the locations of about 180 different cell phones.

The FBI obtained a secret order--it has not been made public--commanding nine different telephone companies to provide federal police "with all cell site tracking data and cell site locator information for all incoming and outgoing calls to and from the target numbers."

But because the U.S. Justice Department did not obtain a warrant by proving to a judge that there was probable cause to suspect criminal activity, there's now a risk that the evidence from the location surveillance may be tossed out of court as illegally obtained.

On Friday, the ACLU and the Electronic Frontier Foundation submitted a friend-of-the-court brief (PDF) agreeing with the defense. It says: "Because cell site location information implicates an expectation of privacy that society is prepared to recognize as reasonable, the Fourth Amendment requires that the government obtain a warrant based on probable cause prior to collecting this information."

This amounts to "dragnet" surveillance of the whereabouts of American citizens not suspected of crimes, says Catherine Crump, an attorney with the ACLU's speech, privacy, and technology program.

The Obama administration has argued that no search warrants are needed; it says what's needed is only a 2703(d) order, which requires law enforcement to show that the records are "relevant and material to an ongoing criminal investigation." Because that standard is easier to meet than that of a search warrant, it's less privacy-protective.

...the Obama administration has argued that warrantless tracking is permitted because Americans enjoy no "reasonable expectation of privacy" in their--or at least their cell phones'--whereabouts. U.S. Department of Justice lawyers say that "a customer's Fourth Amendment rights are not violated when the phone company reveals to the government its own records" that show where a mobile device placed and received calls.

Even though police are tapping into the locations of mobile phones thousands of times a year, the legal ground rules remain unclear, and federal privacy laws written a generation ago are ambiguous at best. The first federal appeals court to consider the topic heard oral arguments in February in a case that could establish new standards for locating wireless devices, but it has not yet ruled.

Not only civil liberties groups insist that warrants to track the whereabouts of Americans--or at least their cell phones--are necessary. A coalition that formed in March includes Google, Microsoft, AOL, eBay, Intel, Qwest, AT&T, and conservative and libertarian groups including Americans for Tax Reform and the Progress and Freedom Foundation.

And then I found this article, one that effectively summarizes the larger issue of location tracking in specific terms, entitled "Location-Tracking Services: Why You Should Think Twice".

Author Dan Tynan writes:

Location, location, location. The three most important keys to retail success are also the most important ones to your privacy in the 21st century. Which is why you should be keeping a watchful eye on all those big corporations that are keeping a watchful eye on you -- like Google, Twitter, Facebook, AT&T, Verizon, and Apple, to name a few.

All of these companies have recently added (or are on the verge of adding) location-centric services. Twitter can now not only tell what city I'm in, but what neighborhood (and I don't live in a very big place). Apple just made headlines thanks to its new iPhone privacy policy, which, as the Los Angeles Times notes, lets it collect "...the 'precise,' 'real-time geographic location' of its users' iPhones, iPads and computers."

The problem with data collection like this is almost always the secondary, unanticipated uses of the data. One example is what happens when a company that collects your location data goes out of business or is acquired. Any agreement it might have had with you vis-a-vis privacy is essentially moot. And when Internet companies go out of business, their data is often their only tangible, valuable asset.

So, conceivably, the company that tracks how often you go to Mickey D's might end up selling that information to your health insurance company. Expect your rates to rise accordingly.

Still, that's nothing compared to what happens when the authorities or a particularly aggressive divorce attorney gets ahold of this information. That's when the fecal material hits the rotating blades.

I asked how many times the DOT had received legal orders requesting E-ZPass location data. The woman I spoke to told me it had happened about 250 times in 2003 -- twice as many as the previous year -- and the DOT provided that information in roughly half those cases. This only came to light because I found a news report about four NYC cops who got fired for being clocked in at work in Manhattan when they were actually at home in New Jersey. The E-ZPass data was how they got caught.

This was one state, back in 2003. Imagine the wealth of location data available to legal authorities now. At this moment a Federal Appeals court is determining how much location data cops can request from wireless companies, and if they even need a subpoena to get it. Congress is mulling new location privacy protection laws (though if past laws are any indication, don't expect much protection from them).

Click here to read the complete article.

Now, let me first address the issue of EZ Passes. I use FasTrak here in the Bay Area, and we (the Consumer Federation of California) are active supporters of legislation authored by State Senator Joe Simitian that would address the privacy concerns outlined in the above article, so I can speak to this issue in greater detail.

The bill (SB 1268), which recently passed the Senate floor by a vote of 24 to 10 and now moves to the Assembly, would provide important privacy protections for users of electronic toll collection systems in California. The following is directly from our letter of support for the bill:

Since the inception of FasTrak in the late 1990's, California has witnessed a growing trend of attorneys, law enforcement agencies, and other entities requesting and obtaining data on FasTrak subscribers and their travel patterns – often simply by presenting the transit agencies with a subpoena. Additionally, subscribers are often not informed that their data is being handed over to a third party by the various transit entities in these situations.

SB 1268 puts in place a number of protections for personally identifiable information of electronic toll collection subscribers, including, but not limited to: travel pattern data, address, telephone number, bank account information, and credit card information.

The bill would restrict transportation agencies from handing over subscriber information unless a law enforcement agency provides a search warrant, or, in cases in which the delay required in seeking a search warrant would result in an imminent danger to the health or safety of a member of the public, a written statement by the law enforcement agency explaining the nature of the situation. In addition, it would provide that in each instance where a subscriber’s personally identifiable information is handed over to a law enforcement agency, the subscriber him or herself must be notified within a reasonable timeframe.

Subscriber privacy has further been put in jeopardy due to storage of subscriber information, including travel pattern data and toll transactions, for indefinite periods of time by transportation agencies.

The stored data include information on accounts that have closed and tickets that have been resolved for years. This creates data-rich files on all subscribers, which could then be accessed by third-parties without the permission of the subscriber. SB 1268 would remedy this unnecessary amassing of subscriber data by creating clear guidelines for data retention and data destruction.

As I keep saying over and over on this blog, there's an urgent need for public policy to catch up with technology, namely in the area of privacy: particularly in establishing the consumer's ownership of his or her data, strict rules on data storage, and the opt-in principle as the new rule of thumb (rather than opt-out).

These "Big Brother" fears are no longer hypothetical. Let's not forget, Sprint received 8 million law enforcement requests for GPS location data in just one year.

Then there are the recent moves toward installing GPS tracking devices in vehicles for auto insurance purposes. I have written extensively about this little privacy invasion in past posts, as there was legislation in California that sought to expand such an idea, which the Consumer Federation of California, as well as Consumer Watchdog, the ACLU, the Privacy Rights Clearinghouse, and the Electronic Frontier Foundation, all opposed.

As today's articles have mentioned, there's also the continuing legal battle over whether law enforcement has the right to install GPS tracking devices in suspects' vehicles.

As today's articles have detailed, we are witnessing a landmark privacy rights legal battle underway over what the proper legal standard should be when prosecutors demand cell phone location data.

Once again, I would point people to EFF, which has homed in on the dangerous level of secrecy that surrounds law enforcement's communications surveillance practices and is calling for laws requiring detailed reporting on how the government uses its surveillance powers. As EFF argues, the lack of accountability over the government's access to information through third-party phone and Internet service providers will necessarily breed abuse.

I guess it's clear where I stand: tracking citizens without probable cause or a warrant seems unconstitutional on its face. We know these GPS chips can locate a person to within about 30 feet. Authorities are also able to gather less exact location data by tracing mobile phone signals as they ping off cell towers.

Documents released not too long ago by the ACLU showed that, of the states randomly sampled, New Jersey and Florida used GPS tracking without obtaining probable cause or warrants. Four other states (California, Louisiana, Indiana and Nevada) and the District of Columbia reported having obtained GPS data only after showing probable cause.

But to summarize the big-picture framing of this issue, and what we citizens should rightfully demand and expect, let me quote from EFF's report "On Locational Privacy, and How to Avoid Losing it Forever". It pretty much hits the nail on the head:

The EFF concedes that people forfeit some privacy when they go out in public. However, before the rise of such technology, tracking people as they went about their lives was extraordinarily difficult and generally quite expensive: people hired private investigators to do that work. Besides, the person being monitored had a decent shot at detecting the surveillance.

Preserving locational privacy is about maintaining dignity and confidence as you move through the world. Locational privacy is also about knowing when other people know things about you, and being able to tell when they are making decisions based on those facts.

Suppose that an insurance company manages to obtain a record of Alice’s movements over the past year, and decides that there is some aspect of that record which is grounds for raising her premiums or denying her coverage. The problem with that decision is not just that it is unfair, but that Alice may have no ability to dispute it. If the insurance company’s reasoning is misinformed, will Alice have a practical way of knowing that and disputing it?

In the long run, the decision about when we retain our location privacy (and the limited circumstances under which we will surrender it) should be set by democratic action and lawmaking. Now is a key moment for organizations that are building and deploying location data infrastructure to show leadership and select designs that are responsible and do not surrender the locational privacy of users simply for expediency.

Amen! And stay tuned...I'll be following this issue as it develops...
