Wednesday, October 8, 2014

Spatial Law and Policy Update (October 8, 2014)

Privacy


New York City Shuts Down Unauthorized Sensors  (WSJ) A follow up to the link above. Geo organizations can learn a great deal from this matter. 

'God View': Uber Allegedly Stalked Users For Party-Goers' Viewing Pleasure (Updated)  (Forbes) As I mentioned to someone recently, I am increasingly convinced that geolocation privacy laws are going to arise due to acts of the non-traditional geospatial community, will have much broader ramifications than anticipated which will go largely unnoticed until too late.

 Licensing

Creative Commons Letter  "Together, we agreed that licenses alone will not achieve our dream of greater access to knowledge and culture worldwide. Laws must change too." 

Data Quality

Map error hastened Napoleon’s Waterloo defeat  (The Telegraph) "We compared the printed map used on the battlefield with the original handdrawn one it was copied from,” Mr Ferrand said. “We realised it was a printing error". 

Government
      
    Public Safety/Law Enforcement/National Security

    The brand new „No-Spy-Decree“ – Consequences for Public Contracts with Foreign Undertakings  (TaylorWessing) The law "requires a guarantee that at the time of the submission of the offer they do not face any legal obligation to disclose confidential information, business or trade secrecies to foreign intelligence services. If disclosure obligations arise after the conclusion of the public contract, the supplier is obliged to inform the contracting authority that he will not be able to comply with the no spy obligation."

    Tech companies say NSA spying harms competitiveness  (USA Today) See above. 

    Taiwan Close to Completion of their Own Map for the South China Sea  (ASM) Maps can serve a variety of purposes.

Technology Platforms

UAVs






Internet of Things/Smart Grid/Intelligent Transportation Systems




Space-based Remote Sensing




Crowdsourcing


Google’s Waze announces government data exchange program with 10 initial partners  (TNW) I have been saying for a while that the geo-ecosystem is increasingly one in which industry, government and the "crowd" are both data providers and data users, often at the same time. This is another example. What this means from a legal/policy standpoint is that a law/regulation that impacts one segment will likely impact the other segments as well. Many (most?) lawmakers are unaware of this unique aspect of geospatial community. 

Miscellaneous

Emerging Technology and Existing Law: Can Geofencing Provide Radio Webcasters a Workaround of Digital Performance Royalties?  An interesting article on the impact that geo can have on existing legal constructs.

Upcoming Programs

GEOGRAPHY2050  (November 19, 2014, New York, New York)

Monday, October 6, 2014

Use of UAVs for Commercial Purposes in U.S.: Privacy Measures


Now that the Federal Aviation Administration (FAA) has begun to allow UAVs to be used for commercial purposes in the U.S. (albeit for limited purposes) one should expect there to be increased attention paid to the potential privacy concerns. That is why I found reports of a recent Government Accountability Office’s (GAO) audit of the U.S. Customs and Border Protection’s (CBP) privacy practice with respect to its use of UAVs to be of value.  In its presentation, the GAO reported that the CBP had developed appropriate procedures to protect civil liberties and privacy. While commercial operators are subject to different laws and policies than U.S. government agencies, the GAO audit is instructive as to some of the measures operators should consider as they begin to use UAVs for commercial purposes. 

The GAO noted that the CBP primarily operated UAVs only within the designated areas to help ensure that sensors “only capture images and information necessary for the authorized mission” The limited deviations outside of the designated areas were primarily due to weather and pilot error.

The GAO also found that the CBP took a number of measures to ensure that the imagery and radar data that was collected was properly secured, stored and disseminated. These measures included: (i) encrypting the transmission of UAV video; (ii)  restricting access to real-time video to authorized users; (iii) restricting disclosure of analytical products that contain UAV-obtained images; (iv) identifying sensitive information prior to disclosure; (v)  maintaining a log to track the dissemination of all analytical products that contain UAV-obtained images; and (vi)  handling UAV-obtained images that are to be used as evidence in accordance with rules of evidence.


The GAO noted that all CBP employees are required to complete annual training in privacy awareness, civil rights and civil liberties, ethics and the CBP Code of Conduct. In addition, law enforcement officers must take additional training focused on privacy, civil rights, and civil liberties issues related to the collection, processing and safeguarding of evidence.


UAVs are increasingly being seen as disruptive technology, causing lawmakers and regulators at both the federal and state level to take a hard look at means to protect privacy from overhead sensors. As a result, operators of UAVs should keep the measures cited above in mind as they begin commercial operations, particularly if they are working on behalf of government clients. (It is interesting to note that CBP apparently takes these measures even though its UAVs fly “primarily at an altitude between 19,000 and 28,000 feet, where the video images do not permit identification of individuals or license plates.”)  

Thursday, October 2, 2014

Geolocation Privacy and the Smart Grid: Department of Energy's Proposed Voluntary Code of Conduct

Recently, the Department of Energy released for public comment  a proposed privacy Voluntary Code of Conduct for smart grid operators and third parties (the "Proposed Voluntary Code"). A link to the Proposed Voluntary Code can be found here

As many of you who follow this blog know, I have been trying to follow the various ways in which privacy laws/regulations/policies address location, because I am afraid that the impact will be much bigger than intended. As a result, I noted with interest that the Proposed Voluntary Code defines Account Data to include "all geographic subdivisions smaller than a state, including a street address, city, county precinct, census block, zip code, and their equivalent geo-codes" when combined with a "specific customer".  Since combining a "name" with a specific customer also is considered Account Data, it would appear that that the term "specific customer" is not simply a name, but any unique identifier associated with a customer, such as their account number. The Proposed Voluntary Code then defines Customer Data as "customer energy usage data (CEUD)" combined with Account Data. In general, Customer Data can only be shared with third parties under the Proposed Voluntary Code if a customer has specifically consented to the sharing of such information with the third party, in an emergency, as required by law or by regulatory authority, or if aggregated or anonymized.  

This construct raises a number of questions in my opinion. For example, I believe it will make it very difficult for government agencies to be able collect and share smart grid data. Perhaps the drafters of the Proposed Voluntary Code did this intentionally because of the vocal - and legitimate - concerns about law enforcement's potential use of the information.  However, my sense is that there are a number of other government agencies that could use this data in ways most people would consider positive and beneficial to society. Restricting it to state-level, unless aggregated and/or anonymized, will likely make the information less valuable. In addition, I wonder if other government agencies will begin to use this definition of geolocation privacy - "a geographic subdivision smaller than a state" without considering whether appropriate, necessary or if it even makes sense.  (Wyoming had a population of slightly less than 600,000 in 2012; California had a population of approximately 38 million. It would seem that there is a wide disparity in privacy risks based solely upon state boundaries).   Finally I am not entirely sure what the term "equivalent geo-codes" is intended to apply to in the definition above, but it would suggest that an operator could not share geo-coded Customer Data at anything more granular than the state level. Can that even be considered "geo-coding"? 

The comment period closes on October 14. 

 

Monday, September 29, 2014

FAA Provides Guidance on Commercial Use of UAVs

Recently, the Federal Aviation Administration (FAA) granted several film and television production companies the right to use UAVs for filming. The FAA’s permission for such use is an exemption to the general prohibition in the U.S. on the use of UAVs for commercial purposes and were issued in response to written requests by these companies pursuant to Section 333 of the FAA Modernization and Reform Act of 2012 (“Section 333”). Section 333 grants the FAA the authority to determine whether certain UAVs can operate in the national airspace subject to certain requirements or conditions. According to published reports there have been approximately 40 such requests made and the FAA is trying to make a decision upon a request within 120 days of receipt.


The FAA letters granting approval are quite detailed (and technical). As a result, I have tried to identify the main requirements below:
  • The UAV must weigh less than 55 pounds (25 Kg), including energy source(s) and equipment.
  • The UAV may not be flown at a speed exceeding a ground speed of 50 knots.
  • Flights must be operated at an altitude of no more than 400 feet above ground level.
  • The UAV must be operated within visual line of sight (VLOS) of the Pilot-In-Command (PIC) at all times. This requires the PIC to be able to use human vision unaided by any device other than corrective lenses.
  • All operations must utilize a visual observer (VO). The VO may be used to satisfy the VLOS requirement, as long as the PIC always maintains VLOS capability. The VO and PIC must be able to communicate verbally at all times.
  • Prior to each flight the PIC must inspect the UAS to ensure it is in a condition for safe flight.
  • The operator must follow the manufacturer’s UAS aircraft/component, maintenance, overhaul, replacement, inspection, and life limit requirements.
  • The PIC must possess at least a private pilot certificate and at least a current third-class medical certificate. The PIC must also meet the flight review requirements for an aircraft in which the PIC is rated on his/her pilot certificate.  In addition, the PIC must have accumulated and logged:
  • a minimum of 200 flight cycles and 25 hours of total time as a UAS rotorcraft pilot and at least ten hours logged as a UAS pilot with a similar UAS type; and,
  • a minimum of five hours as UAS pilot operating the make and model of the UAS to be utilized for operations under the exemption and have conducted three take-offs and three landings in the preceding 90 days.
  • The UAV may not be operated directly over any person, except authorized and consenting personnel, or below an altitude that is hazardous to persons or property on the surface.
  • The operator must ensure that persons are not allowed within 500 feet of the area except those consenting to be involved and necessary.
  • The UAS must abort the flight in the event of unpredicted obstacles or emergencies in accordance with the operator’s manual.
  • Each UAS operation must be completed within 30 minutes flight time or with 25 battery power remaining, whichever occurs first.
  • The UAV must yield the right of way to all other manned operations and activities at all times.
  • The operator must obtain an Air Traffic Organization (ATO) issued Certificate of Waiver or Authorization (COA) prior to conducting any operations under this grant or exemption.
  • UAS operations may not be conducted during night.
  • The UAS cannot be operated by the PIC from any moving device or vehicle.
  • The UAV may not operate in Class B, C, or D airspace without written approval from the FAA.
  • At least three days before flying, the operator of the UAS affected by this exemption must submit a written Plan of Activities to the local Flights Standards District Office (FSDO), to include:
    • A statement that the operator has obtained permission from property owners and/or local officials; and,
    • A description of the flight activity, including maps or diagrams of any area, city, town, county, and/or state over which filming will be conducted and the altitudes essential to accomplish the operation.
            The FAA has taken an important first step in allowing the use of UAVs for commercial purposes in the U.S. The permissions that have been granted are limited, as they only apply to the specific companies that made the requests. However, they are useful in identifying the steps the FAA currently consider to be critical for operating UAVs.  Until the FAA proposes definitive regulations, companies that make a Section 333 request to operate UAVs for commercial purposes in the U.S. should expect to be subject to similar constraints or identify alternatives that address the FAA’s safety and operational concerns. 

Sunday, September 21, 2014

Spatial Law and Policy Update (September 19, 2014)


Privacy




Data Quality


Government

    Spatial Data Infrastructure/Open Data


    Public Safety/Law Enforcement/National Security


Technology Platforms

UAVs






No-Fly Zone 16 46 0 How “drone” safety rules can also help protect privacy.  (Slate) Informative article from 2013 that was recently republished. 

Internet of Things/Smart Grid/Intelligent Transportation Systems



Remote Sensing




Crowdsourcing


Miscellaneous

Big Tech at Bay  (Financial Times)  Informative discussion on issues that will have a significant impact on what the geospatial community will look like in the future. 


What is Spatial Law and Why is it Important?


Last week (September 18, 2014) I had the opportunity to speak at the Yale University Information Society Project (ISP) "Ideas" Lunch.  A copy of my presentation, "What is Spatial Law and Why is it Important" can be found here.  

Tuesday, September 9, 2014

Spatial Law and Policy Update (September 9, 2014)


Privacy







Data Quality


Government

    Cell-Phone Data Might Help Predict Ebola’s Spread  (MIT Technology Review)




Technology Platforms

GNSS



UAVs  





Internet of Things/Smart Grid/Intelligent Transportation Systems



Remote Sensing


Crowdsourcing


Miscellaneous