Saturday, March 29, 2014

The Role of Trust and the Future of Augmented Reality

On March 26, I spoke to the Augmented Reality Community meeting held in conjunction with the Open Geospatial Consortium (OGC) Technical and Planning Committee meeting held in Arlington, Virginia.  Quite understandably, the subject of trust and Augmented Reality (A/R) quickly turned to privacy. 

I had a hard time coming up with what to say on this subject. First, because Augmented Reality can and will involve many diverse technologies and applications. Second, because concerns over A/R technologies often drown out discussions regarding the value of many A/R applications.

So I began my talk at the beginning - by breaking down the elements of A/R. Augmented Reality is defined on Wikipedia as "a live, copy or view of a physical, real-world environment whose elements are augmented (or supplemented) by computer-generated sensory input such as sound, video, graphics or GPS data."

Breaking it down, what are the privacy concerns in "reality"? I would suggest there are two primary issues for the A/R community to consider in this area:

1.    Historically there have been different expectations of privacy when a person is in public than when they are in a private place. However, those expectations are beginning to change; more and more courts, regulators, policymakers, academics, privacy advocates and even technologists are redefining what expectations of privacy in public should be reasonable given new technological capabilities.

2.    What are the privacy expectations with respect to an object? Increasingly there have been growing expectations of privacy with objects, such as mobile phones. How will this translate to other objects, such as automobiles, or the outside of homes?

Next, what are the privacy concerns associated with augmentation - "the elements are augmented (or supplemented) by computer-generated sensory input such as sound, video, graphics or GPS data." I would suggest there are two primary issues for the A/R community to consider with respect to augmentation.

1.    Are you augmenting with public input (data) or private input (data)? Obviously there is a greater privacy concern associated with private data. However, there are increasing concerns with public data as well. For example, consider the New York newspaper that posted a controversial interactive map of publicly available names and addresses of registered gun owners.

2.    What is the definition of “public” data? Social media is pushing the limits of what is considered public and what is private. However, do people appreciate how available the posted information will become and how it might be used? Are some types of social media more “public”?

Based upon this analysis, I came up with three questions that I believe the A/R community should consider when building applications and use cases. These questions can help define the framework in which to determine the potential impact of A/R in a market/jurisdiction. Also, we should expect that the answers will change over time, and in some cases will be “individual”-specific, such as when a minor is involved.

1.    If/when does the display of augmented public data of someone who is in public violate that individual’s privacy?

2.    If/when does the use or sharing of augmented public data of someone who is in public violate that individual’s privacy?

3.    Is there ever a time when the display and/or use of augmented private data of someone who is in private is worth the potential/perceived violation of that individual’s privacy? If the answer is yes, when is it appropriate, and by whom?

Tuesday, March 25, 2014

ICYMI Five Spatial Law and Policy Links From Around the World

German DPAs issue guidelines on CCTV use  (Hunton & Williams)  Link to Germany's policy (in German).

Offshoring Data  (Corrs Chambers Westgarth)  Impact of new Australian privacy laws on companies that offshore data processing.

Turkey bans Twitter to uphold 'privacy of citizens'  (allvoices) Protecting privacy is often cited as the reason to limit the collection/use/sharing of information. 

Malaysia plane search: China checks new 'debris' image  (BBC) The search for the missing Malaysian airliner has shown both the power of geospatial technology and the challenges in sharing data among nations.

India to promote geospatial technologies with BRICS partners   (Geospatial World)

In addition, I encourage you to read Privacy Pragmatism in the current issue of Foreign Affairs. Craig Mundie does an excellent job of highlighting what I believe to be some of the challenges to protecting location privacy under existing constructs and suggests an alternative approach.

Wednesday, March 19, 2014

The Role of "Oversight" In Today's World

There has been a great deal written recently regarding the need for increased oversight of the Intelligence Community's growing use of new and innovative technology. However, I question whether increased oversight is the answer. The problem as I see it is that the legal/policy communities have shown that they are unable to keep up with advancements in technology and its impact on society. In my role as Executive Director of the Centre for Spatial Law and Policy I see people struggle daily with how to address important issues associated with the internet, Big Data, mobile devices and UAVs. Very soon these issues will also include Intelligent Transportation Systems and Autonomous Vehicles, Smart Grids, Augmented Reality, Smart Cities and the Internet of Things. (As an aside, many of these issues involve the power of location information.) Increased oversight without an accompanying legal and policy framework to address these issues is unlikely to do more than score a few political points. The ability to conduct oversight is limited if you don't know the questions to ask and/or you don't know what the answers truly mean. However, it is effectively eviscerated if the laws and policies are either so outdated or vague that they can quite honestly be interpreted in numerous ways.

Wednesday, March 5, 2014

UAVs in the US: My Perspective

A number of people have been asking me for my thoughts on the legal issues associated with the use of UAVs in the United States in light of a couple of recent articles. (See, e.g., FAA Says Commercial Drone Operations are Illegal . . Public Says So What? and Busting the FAA's "Myth Busting Document".) Clearly, there are a number of what I would deem technical/safety issues associated with integrating UAVs into the existing legal and policy framework surrounding aircraft. These include issues such as licensing, spectrum, training, etc. I don't mean to downgrade the importance of these issues in order to facilitate the broad adoption of UAV use in the U.S.; however, my sense is that the Federal Aviation Administration (FAA) is quite capable of coming up with regulations and policies that, although not perfect, will be something that will satisfy many - if not most - stakeholders. Moreover, it will almost certainly be a national standard that will provide for predictability and uniformity, which are important to most stakeholders (businesses and government agencies that wish for greater use of UAVs in the U.S.).

I believe the more troublesome issues are, and will be for some time, associated with UAVs that are used to collect information (of any kind). First, because it is unclear whether the FAA has the authority or the internal capability to develop regulations around such issues as privacy, data ownership and data protection. Second, because the existing laws and policies on these issues in the U.S. are outdated, in a state of flux and/or often misunderstood. Third, because the issue is a sensitive topic across the political spectrum; the left and the right are both concerned about who will collect the information and how it will be used. Finally, because there are so many other government authorities that have, or hope to have, a say on these issues, including the Federal Trade Commission, state authorities and the courts (federal and state).

The result in the near term is likely to be a patchwork of inconsistent and in some cases conflicting laws and regulations as to what is required in order to begin collecting information, what information can be collected and how it can be used. The challenge for organizations that wish to collect such information will be to work through this legal and regulatory minefield in a manner that maximizes the benefits while minimizing the legal risks. Unfortunately for the FAA, it will sit in the middle of that likely mess and will continue to take much of the blame. 

I am not surprised to hear that there are those who question the FAA's ability (or willingness) to restrict some commercial use of UAVs. I imagine that the FAA is unlikely to challenge the use of very small UAVs, flown at low altitudes, over private property, for limited purposes, with the informed consent of the owner, even for "commercial purposes". However, I do believe that in the near term the further one moves away from that set of conditions, the more likely you are to run up against some legal or regulatory authority.

Tuesday, December 31, 2013

ICYMI Top 5 Spatial Law and Policy Stories From the Past Week

The Centre for Spatial Law and Policy prepares a weekly update for its members. Listed below are links to five stories from the past week that will impact the geospatial community.  More information about the Centre for Spatial Law and Policy can be found here.  

Directions Magazine eBook on Spatial Law - Directions Magazine has published a compilation of articles from its website related to Spatial Law and Policy. They asked me to write the introduction. (The book is free) 

Google Street View Case Granted a Rehearing  (Slaw) I highly recommend reading the article and then the comment - it is a terrific example of how lawyers/policymakers and engineers can use the same language to mean different things. 

Innoweb BV v Wegener ICT Media BV  (court decision) Recent decision from European court that will impact use of OpenStreetMap data subject to the Open Database License.

Government Take Down Requests Rising Says Google  (Forbes) This story has been reported in previous updates, but I noted a quote that highlights how organizations (in this case government agencies) will try to use legal uncertainties to address policy (or personal) concerns. 

The Chief Data Officer: an executive whose time has come.  (GigaOm)  I believe a Chief Data Officer would also be beneficial in addressing concerns over privacy, intellectual property rights, licensing, data quality, etc. 

Monday, December 16, 2013

Recent Federal Trade Commission (FTC) Settlement Will Make It Harder to Collect and Share Geoinformation In US.

The Federal Trade Commission (FTC) recently entered into a settlement (subject to final approval) that will have a significant impact on the entire geospatial community. The settlement, in connection with In re Goldenshores Technologies, LLC, involved the collection of "geolocation information" from a mobile device app. Geolocation information is defined in the settlement documents as "precise geolocation data of an individual or mobile device, including but not limited to GPS-based, WiFi-based, or cell-based location information." [emphasis added]

Goldenshores Technologies, LLC ("Goldenshores") developed “Brightest Flashlight Free,” a free, ad-supported app that enables the device to act as a flashlight. According to the FTC, the app transmits when running, or could transmit, the device’s “precise geolocation along with persistent device identifiers that can be used to track a user’s location over time” to third parties, including advertisers. The FTC alleged that the app collected (and shared) the device's location prior to obtaining the individual's permission and did not adequately disclose with whom the information was shared. According to the FTC, such practices are prohibited under Section 5(a) of the FTC Act as "deceptive and unfair acts or practices in or affecting commerce".

The settlement states that Goldenshores' apps must . . . "not collect, transmit, or allow the transmission of such [geolocation] information unless such application:

A. Clearly and prominently, immediately prior to the initial collection of or transmission of such information, and on a separate screen . . . " states

1. That such application collects, transmits, or allows the transmission of, geolocation information;

2. How geolocation information may be used;

3. Why such application is accessing geolocation information; and

4. The identity or specific categories of third parties that receive geolocation information directly or indirectly from such application; and

B. Obtains affirmative express consent from the consumer to the transmission of such information". [emphasis added]

The settlement only applies to mobile apps; however, its impact will be felt throughout the geospatial community.

First, the FTC's definition of geolocation information to be protected is broad and imprecise.  For example, it includes location information collected from GPS, WiFi or cell towers.  Those familiar with geospatial technology will recognize that these technologies collect location in a number of applications and with varying degrees of precision. Also, it applies to location information collected on an individual or a mobile device. Moreover, the definition states that it includes, but is not limited to location information collected from those technologies. This suggests that other location-enabling technologies may also be subject to privacy scrutiny, which is important because the FTC has very broad enforcement powers. As a result of this broad definition, it will become increasingly difficult for a broad range of geospatial technology companies to determine if they need to include a privacy statement when collecting location information.

Second, the settlement states that before an app can transfer geolocation information collected from a mobile device to a third party, it must obtain "affirmative express consent" from an individual after providing proper notice. Such notice must include "[t]he identity or specific categories of third parties that receive geolocation information directly or indirectly from such application." 

Anyone following the geospatial community over the past few years knows that new markets and opportunities for location data are continuously developing. Many of these new opportunities rely on location data from mobile devices. In this environment, it will be very challenging to provide consumers proper notice as to which third parties will receive the location data or how it will be used. As a result of the In re Goldenshores Technologies, LLC settlement, companies will need to go back and get consumer authorization each time they wish to change with whom they will share location information. Alternatively, they may decide that this is cost prohibitive and decide not to enter into that market.

The settlement should also result in both geospatial data providers and data users updating their terms of use and/or license agreements. In light of the settlement, users of geospatial data may consider obtaining a representation from a data provider that the data has been collected in a manner that adequately protects a consumer’s privacy and that the consumer has agreed to have it distributed for this particular purpose. Data providers may seek a covenant from customers that their geospatial data will not be aggregated with third party data in ways that will infringe upon consumer privacy.