Monday, June 29, 2015

Geolocation Privacy in the Workplace: A Student's Perspective

Please find below an excellent blog post by Conor Barry, a student intern at the United States Geospatial Intelligence Founcation (USGIF), giving his perspective on a lawsuit that was recently filed concerning geolocation privacy in the workplace. Important reading for employers and location based service providers alike.

As a college student with a year left in school, there are a number of concerns that I, as a soon-to-be graduate, have about the working world. Some of those concerns are financial, like how much money I will be making and how much I will have to spend on rent and other living expenses? Some other concerns might be cultural, like where will I live or what kind of differences will I have to adjust to now that I am no longer a student, how will my responsibilities change? These are the questions that I expect to be asking myself in a year’s time. Something I do not expect to be asking myself is, “How, or is, my employer tracking my whereabouts with my company-issued smartphone?”

This may seem like an odd question, or a question that should not have to be asked by persons in the workforce. Unfortunately, this question has come about, most notably, in a recent court case between Myrna Arias and her former employer Intermex Wire Transfer. In early May 2014, Arias was fired from her job at Intermex for uninstalling the Xora StreetSmart app, from her smartphone because of the location tracking service the app provides to her employer. Arias’ suit against Intermex claims invasion of privacy, retaliation, unfair business practices, and other allegations, seeking damages upwards of $500,000, and claims the monitoring app was activated on weekends and other personal time (Kravets 2015)

Upon her hiring, Arias’ supervisors at Intermex requested she install Xora on her work phone. Arias was terminated for removing the app from her company issued phone because she believed the services the app provides to employers was invading her privacy. Arias claims she was not opposed to the app for work purposes, but rejected the idea that the phone, and subsequently the app itself, must be on during personal time.

According to Xora’s website, the Xora app provides the ability, “to drill down into the map and see specifically what is happening at each stop. Review how long a mobile worker has been there, the address, what actions they are taking and the status of the mobile app.” This app can provide employers with a vast amount of data about their employees, their actions, their tendencies, and their personal preferences. In summary, the app can provide an employer with an enormous amount of personal data about its employees.

I did not entirely understand the enormity of this court case until I read another article about this ordeal where some concerns about privacy were highlighted. In a Washington Post article, Andrea Peterson dives into the serious implications of location services being overextended on employees. The author outlines some important points shared by Jay Stanley, a senior policy analyst with the American Civil Liberties Union:

“Employers have legitimate reasons for monitoring their workers, but all too often we see that kind of tracking spilling over into the private parts of their lives…When you know everywhere someone’s been, you know a lot about their lives – you know not only where they work and live, but who their friends are, who their lovers are, what doctors they might visit – the list just goes on and on.”

This was a very frightening realization. The idea that one’s employer can use smartphones, the devices that connect us to the rest of the world, negatively against a person is unnerving. This is even more concerning because in many instances, employers are providing company-issued cell phones to employees. If these phones are coming equipped with apps like Xora, or if employers are requiring these apps be installed on company cell phones, where can the line be drawn to best protect the privacy of users?

As a student who will be entering the workforce in a year’s time, I would have to side with Arias. I do not believe that there is any reason for my employer to demand I keep a company-issued phone activated and on my person at all times, whether I am working or not. The tracking abilities apps and phones now provide can be manipulated and used in ways that can be an invasion of privacy to individuals. I would not be open to the idea of future employers tracking my whereabouts on personal time, but the outcome of this court case will provide insight regarding the limitations of employers to use location services to monitor employees. 

Wednesday, February 18, 2015

How White House Privacy Rules Will Impact Commercial Use of UAVs

There has been a great deal written recently about the Federal Aviation Administration’s (FAA) release of proposed regulation concerning the commercial use of Unmanned Aviation Vehicles (UAVs) – or drones. (An informative discussion of the proposed regulations can be found here.)  Much of what has been written has quite accurately pointed out that the proposed regulations are much more progressive than many had feared and could be the precursor of a budding commercial UAV industry in the United States. For example, under the proposed regulations an individual will not have to be a certified pilot to operate a UAV for commercial purposes. In addition, the ceiling for small UAV operations has been extended to 500 feet; previously the FAA has limited operations to 400 feet and below.  However, the proposed regulations are subject to change after a public comment period and likely will not become final until 2017.

Unfortunately, there has been much less attention paid to a memo released by the White House in conjunction with the proposed regulations. The document, titled “The Presidential Memorandum:Promoting Economic Competitiveness While Safeguarding Privacy, Civil Rights,and Civil Liberties in Domestic Use of Unmanned Aircraft Systems” (the “Memo”) will constrain the ability of federal agencies to use data that is collected from UAVs. In addition, the Memo may portend future limitations for commercial use.

For example, the Memo states that data collected from UAVs that “may" contain Personally Identifiable Information (PII) must be deleted after 180 days unless (i) necessary to an “authorized mission”, (ii) maintained in a system of records or (iii) required by law to be maintained longer. Six months is not much time to process, analyze and distribute data, particularly for a federal agency. Moreover, since the requirements associated with a “system of records” under the Privacy Act can be onerous and that there are few existing laws that pertain directly to the storage of UAV data, government agencies will likely struggle with trying to determine constitutes an “authorized mission.”

Similarly, the Memo provides that if data collected from a UAV is not stored in a “system of records” it may not be disseminated outside of an agency unless (i) required by law or (ii) it fulfills an “authorized purpose" and complies with agency requirements. This restriction will likely make it more difficult for federal agencies to share data with other federal agencies or with their state counterparts. As a result, federal agencies will find it difficult to use UAV data for important applications, such as disaster response, or to comply with stated federal objectives to readily share data with other agencies

Moreover, the Memo requires federal agencies to provide proper oversight for individuals who have access to “sensitive data”, including PII. This requirement could prove burdensome, given the ambiguity associated with what constitutes “sensitive data” and the changing nature of what constitutes PII. In addition, agencies must adopt rules of conduct for both federal government personnel and contractors as well as introduce procedures for misuse of such data.

The Memo will also have an impact on commercial enterprises that wish to use UAVs. The federal government should be a major consumer of UAV data.  Unfortunately some federal agencies may be unwilling to take advantage of the many potential benefits associated with UAVs due to the requirements imposed by the Memo, since data collected from sensors on other platforms (such as manned aircraft) are not subject to the same requirements. In addition, the Memo highlights the Obama Administration’s likely approach in the upcoming multi-stakeholder process to address concerns associated with commercial use of UAVs. For example, by specifically citing civil liberties and civil rights, the Administration is suggesting that its concerns go well beyond privacy. In addition, by requiring federal agencies to protect data that “might” contain PII or that is “sensitive”, the Obama Administration is suggesting that existing privacy constructs are not sufficient. This approach would be consistent with the conclusions of the White House Big Data report released by the President’s Council of Advisors on Science and Technology last May. The report highlighted the privacy challenges associated with rapid adoption of sensors that can collect a variety of data types.

As a result, while the FAA’s proposed regulations are a big step forward in the commercial adoption of UAVs, there are still significant hurdles that commercial operators will need to overcome. The ability of UAVs to collect high quality data in a timely manner for a reasonable price is one of the many benefits associated with this technology. However, as the Memo indicates, it will also be one of the challenges that industry will face.

Wednesday, January 14, 2015

Spatial Law and Policy Update (January 14, 2015)

Each week the Centre for Spatial Law and Policy prepares the Spatial Law and Policy Update for its members. The Update contains approximately 20-25 links to recent developments that will impact the collection/use/processing/storage/distribution of geoinformation. Its purpose is to educate members on the legal and policy framework that is developing around the world concerning geoinformation. Because of the many ways in which geoinformation is collected and used, the Update cuts across both legal/policy disciplines and technology platforms.

The January 13, 2015 Spatial Law and Policy Update can be found below:

"Where Geospatial Technology Is Taking the Law"



Data Quality



    Spatial Data Infrastructure/Open Data

    Public Safety/Law Enforcement/National Security

     FAA Issues UAS Guidance for Law Enforcement  (Sensors and Systems)
    FCC aims to pinpoint 911 calls  (The Hill)  While responders can often determine where a caller is when they are dialing from a landline phone or from a cellphone outdoors, it can be difficult to pinpoint their location when they are inside, especially when the call is being made from a building with multiple floors. 

    The small and surprisingly dangerous detail the police track about you   (TED)  Location information can be very sensitive. If you drive your car around the United States, it can reveal if you go to a therapist, attend an Alcoholics Anonymous meeting, if you go to church or if you don't go to church. And when that information about you is combined with the same information about everyone else, the government can gain a detailed portrait of how private citizens interact.



Auto Race Venues Adding UAV Wording To Prohibited Items: Phoenix International Raceway strictly prohibits the use of any unmanned aerial vehicles (“UAV”), also known as a drone, for any purpose whatsoever on Track Property. A UAV for purposes of this policy is any aircraft without a human pilot aboard. Track personnel may remove anyone using a UAV on Track property and/or confiscate the UAV until the event is over.

A Plan to Integrate Drones Safely into the National Airspace  (UAV Business and Technology Report)

Delaware holds off on new drone laws  (Delaware Online) "The paperwork and education that is required are daunting and will push many in the industry back, but I am going to do all I can to get FAA approved."

Internet of Things/Smart Grid/Intelligent Transportation Systems

Remote Sensing

Thursday, January 8, 2015

Spatial Law and Policy UAV Update (January 8, 2015)

Each week the Centre for Spatial Law and Policy prepares for its members an update on key legal and policy links associated with the collection, use, storage and distribution of geospatial information. The following are some of the top stories related to UAVs.

A Montreal man is furious over a $1000 fine for flying his drone  (Sun News)

Tuesday, December 16, 2014

Spatial Law and Policy 2014 - The Year of the Drone

Each December, I have listed the top Spatial Law and Policy stories from the past year. (For those of you who have the time, it is interesting to go back over the past several years to see how the issues - and the technology - have evolved: 2013, 2012, 2011, 2010). This year I have decided to focus on the legal and policy developments around the globe concerning UAVs. The reason, as those of you who subscribe to the Centre for Spatial Law and Policy's weekly update know, is that I believe that the issues surrounding UAVs are representative of the larger issues facing the geospatial community. Moreover, issues such as location privacy are being driven due to concerns over  UAVs.  After all, it is all about the data:

1. Regulatory uncertainty 
Lawmakers and regulators around the world are struggling to apply existing laws, policies and regulations to the expected proliferation of UAVs.  In the U.S., commercial use of UAVs had for all practical purposes been prohibited. Thankfully, this began to change in 2014, as the Federal Aviation Administration (FAA) began to grant Section 333 exemptions under the FAA Modernization and Reform Act of 2012. The FAA is expected to release proposed rules regarding the use of small UAVs for commercial purposes very soon.  Unfortunately, early reports suggest that the FAA continues to view regulating UAVs through an outdated prism:
Other countries also re-examined their approach to UAVs in 2014. In some cases, this has resulted in more restrictions and prohibitions. Fortunately, in some countries it has resulted in simpler and more transparent laws and policies.

Geopatial technology and applications that use geospatial information in new and innovative ways are proving to be equally disruptive. For example, in 2014 regulators in the U.S. finally reduced the resolution restrictions on commercial remote sensing satellites. Similarly, lawmakers and regulators around the world delayed or restricted the popular ride-sharing service Uber (which leverages the location of drivers and potential customers using geospatial technology) for failing to comply with applicable taxicab regulations. Ironically, some in France have suggested that Uber drop using maps in its apps as a solution.

2. Importance of Courts
In the U.S., the FAA's inability to keep pace with the rapid technological advancements and proliferation of UAVs has resulted in litigation.  In perhaps the most important decision, the National Transportation Safety Board ruled that the FAA had the authority to fine a UAV operator for reckless actions.

Courts played a critical role in other spatial law issues in 2014. For example, there were a number of decisions in the U.S. that could have a significant impact on law enforcement's use of geospatial information. The New Mexico Supreme Court agreed to review a lower court's decision that law enforcement's use of a manned aircraft to fly over a defendant's backyard without a warrant to see if there were any marijuana plants violated the defendant's privacy rights under New Mexico's state constitution. Moreover,  a federal judge reportedly ruled recently that law enforcement could not use information collected by placing a video camera on public property:
Similarly, in Europe, commentators believe that due to a recent decision by the Court of Justice in the EU concerning security cameras, private citizens operating UAVs will have to comply with data protection laws.

3. Privacy

There were a number of legal and policy developments in 2014 involving privacy concerns associated with the proliferation of UAVs. For example, in the U.S. several more states passed laws restricting both the collection of data by UAVs and the subsequent use of such data by both government agencies and private individuals. (We can expect more such legislation in 2015). In addition, a bill was introduced in Congress that would have a similar effect - although it is  unlikely to pass. There have also been a number of reports that the White House will issue an executive order directing the National Telecommunications and Information Administration (NTIA) to make recommendations on drone privacy. Many other countries examined their existing privacy/data protection laws in anticipation of the proliferation of UAVs.

Concerns over other types of geolocation privacy were also a big issue in 2014. In May, the White House issued two reports on Big Data and privacy, one of which - Big Data and Privacy - A Technology Perspective  - specifically cited privacy concerns associated with geospatial technologies such as radar and LiDAR. In addition, there were numerous media reports over privacy concerns associated with how businesses and government agencies were using location information. In some instances these reports were more speculative in nature. Other reports, if true, were quite troubling - and showed a general insensitivity to the nature of the information. In some instances, businesses decided to withdraw products and services due to privacy concerns associated with location information, even though no laws had been violated.

4  Potential Liability Concerns
The potential for UAVs to cause damage to property and individuals were well documented in 2014. There were similar examples concerning other geospatial technology. Over time we can expect that the legal system will sort out the responsibilities (and associated liabilities) of the various actors. In many instances this will simply mean applying existing laws to the facts. In other instances, it may require new laws to address specific concerns. In either case, it will take some time for these issues to be sorted out. In the meantime, we can expect a great deal of uncertainty, and some unusual court cases.

5. Intellectual Property Rights in the Data

One area that did not receive much attention in 2014 in connection with UAVs was who will own the vast amount of data that will be collected. This issue will become more important as commercial uses for UAVs become more commonplace. People generally do not give much thought as to how companies use images (and other remote sensing data) that is collected about them from satellites or manned aircraft. However, we should expect that some will have a very different view when they see a neighbor profiting from images of their property.

Such concerns are becoming more common with regard to other types of geospatial information. In fact, some have suggested that uncertainty over ownership rights in personal data could hinder the development of the Internet of Things. The issue will become even more critical (and complex) as companies such as Terbine and Farmobile emerge.

The link between spatial law and UAVs became apparent in 2014. I expect we will see more of a convergence in 2015.