Location Privacy: Who Protects?
Cottrill, Caitlin D., URISA Journal
In April of 2011, at Where 2.0 (a conference focusing in part on location-aware technology), Alasdair Allan and Pete Warden announced that the Apple iPhone and 3G iPad were recording the locations of the devices, unencrypted, to a hidden file (Allan 2011). Dubbed "Locationgate," these findings soon led to investigations of other phones and applications ("apps"), which revealed an astonishing amount of location data being collected and stored in the spatial environment. Hearings and forums on location privacy in the United States followed, including:
* October 13, 2011: Understanding Consumer Attitudes about Privacy (U.S. Congress Subcommittee on Commerce, Manufacturing, and Trade)
* June 28, 2011: Location Based Services Forum (FTC and FCC)
* May 19, 2011: Consumer Privacy and Protection in the Mobile Marketplace (U.S. Senate Committee on Commerce, Science, and Transportation)
* May 10, 2011: Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones, and Your Privacy (U.S. Senate Judiciary Committee, Subcommittee on Privacy, Technology, and the Law)
Additional concerns relevant to the privacy of location data have emerged recently, with The Wall Street Journal reporting in April of 2011 that a criminal investigation has begun into the privacy, information-gathering, and information-sharing practices of numerous smartphone applications (Efrati et al. 2011). These hearings, forums, and investigations, along with other examinations of privacy in the spatial environment, have made one overarching factor overwhelmingly evident: Protecting locational privacy cannot be made the sole domain of lawyers, technologists, or policymakers; rather, it is necessary to ensure that experts from each field are engaged in the business of evaluating means and methods by which privacy may be preserved.
This paper examines how emerging technologies in the spatial sciences may be approached and managed to ensure that the protection of private information is directly addressed from each of the relevant standpoints of law, policy, and technology. First, the current environment vis-a-vis privacy in the technological and locational environment will be reviewed. Here, we will present concerns related to current privacy practices of service providers, in addition to interim measures that have been recommended to prevent extensive privacy violations. Next, privacy-preserving approaches and methods will be categorized to reveal interactions between policy and technology. Methods first will be categorized from the standpoint of responsibility, with the following actors being reviewed: (1) application and service developers, (2) data managers and agencies, and (3) users. These categories then will be reviewed in the context of federal and international laws, regulations, and standards to determine how well each is reflected in guidance given to associated parties. This analysis will be used to assess gaps in how privacy is addressed in the overall locational environment.
Beresford and Stajano (2003) define location privacy as "the ability to prevent other parties from learning one's current or past location." Prior to the most recent technological revolution, location privacy was fairly easy to assume, for the financial resources and technology required to identify or track a specific person in space were sufficiently high to discourage nontargeted location surveillance. With the advent of relatively inexpensive camera equipment, GPS-enabled cell and smartphones, and powerful computer processing, it is becoming increasingly difficult to argue that one's past and present locations are private by default. For example, nascent programs and projects utilizing spatial and location data received a boost in May of 2000, when the previously utilized "Selective Availability" feature (which added an intentional error of up to 100) was turned off for civilian usage of GPS navigation features. …