Monday, March 29, 2010

Location Privacy - Will Congress Decide?

Cnet is reporting that a number of major technology companies have joined with liberal and conservative advocacy groups to convince Congress to update federal privacy laws. According to the report, Google, Microsoft, AT&T and others hope that Congress will revise the Electronic Communications Privacy Act (ECPA) so as to provide further protection for spatial data as well as data stored and used in cloud computing. Such protection would include, in many instances, requiring the government to obtain a warrant in order to access a company's location information of its customers and to limit requests only for information related to a specific account or individual. (As has been previously discussed here, judges have reached different conclusions on whether a warrant is required for law enforcement to collect location data from wireless carriers).

It is important to note that the purported revisions would not apply to the private sector. However, if these changes were to become law, it will surely raise the expectation of privacy a citizen/consumer may expect in their location data in both the public and private sector.

Moreover, in light of the recent Congressional hearing on consumer privacy with respect to location-based services, it appears that Capitol Hill will be a focal point in the U.S. on this topic for the next year.

Saturday, March 27, 2010

CTIA Issues Revised Privacy Best Practices For Location Services

The CTIA has revised its best practices and policies for protecting consumer privacy with respect to location-based services. The revised policy was released a few weeks after Congressional hearings in the U.S. on this same subject. CTIA's earlier version was geared to wireless carriers. The revisions became necessary as location-based service are now being provided by a broader range of companies, including device manufacturers and application developers.

In publishing its best practices, CTIA clearly believes that industry self-regulation is preferable to alternatives, such as legislation. It will be interesting to see whether Congress agrees.

Friday, March 26, 2010

Spatialist Workshop

I attended the “Workshop on legal aspects of geographic data and spatial data infrastructure” on March 19, 2010. It was held at the Interdisciplinary Centre for Law and ICT (ICRI) at K.U. Leuven in Belgium. The workshop was attended by a number of lawyers and others interested in legal and policy issues from across Europe. Harlan Onsrud, who I am sure many of you know for his groundbreaking work in spatial law and policy matters - as well as his many other efforts, including Executive Director of the Global Spatial Data Infrastructure - was the other representative from the U.S. Katleen Janseen and the ICRI were wonderful hosts and the workshop was very informative due to the quality of both the presentations and the discussions that took place. I recommend that anyone interested in the legal and policy issues associated with spatial data infrastructures visit the Spatialist website ( where the presentations will be posted, as well as keep an eye out for a book that will be published later this year. In addition, I believe ICRI is planning on hosting a similar event next year and I encourage those interested in this topic to put March 18, 2011 on their calendar.

Monday, March 15, 2010

A recent New York Times article reports that cabbie drivers in New York City have overcharged passengers millions of dollars by using an improper higher mileage rates. The city's Taxi and Limousine Commission used GPS systems recently installed in NYC taxis to determine the extent of overcharging and to identify culprits. These GPS systems were installed after a federal court judge decided in 2007 that taxi drivers did not have a reasonable expectation of privacy when they drove on public roads during working hours and that reasonable safeguards were being taken to protect the confidentiality of electronic data that was collected. According to news reports, he also presciently stated that "the value of the G.P.S. technology to customers would outweigh any privacy expectations on the part of drivers".

I wonder whether the California Public Utilities Commission will keep this story in mind when reviewing this case?

Thursday, March 11, 2010

How to Build a Spatial Law and Policy Community?

Over the past two months, I have had occasion to consider the legal and policy issues associated with how spatial data is collected, used and/or distributed by a variety of spatial technologies and for a number of different applications. For example, I recently attended the International Commercial Remote Sensing Symposium, the ESRI Federal User's conference, and a discussion of the U.S. Department of Homeland Security's Homeland Security Infrastructure Protection (HSIP) program. In addition, over that same period I participated in a board meeting of the Open Geospatial Consortium, and a conference call on data sharing for the Global Earth Observation System of Systems (GEOSS). I also counseled clients in a number of commercial transactions and have been preparing a series of talks on legal and policy issues associated with spatial data infrastructures (SDI).

This process has further strengthened my belief that the fundamental legal and policy challenges associated with the collection, use and distribution of spatial data are universal. That is, the GIS coordinator for a small town or city, faces the same issues as the in-house legal counsel at a commercial satellite imaging company or a social networking company and the international climate change expert attempting to access global environmental data. These issues include intellectual property rights, licensing, national security, data quality/liability and privacy. The relative importance of these issues may vary, depending upon what role an organization plays in the process and the type of issue being addressed. However, the core set of issues are the same.

Unfortunately, I do not think that many of those in these positions see themselves as being part of a broader community of spatial law and policy professionals. Instead, they believe they are dealing with a set of issues unique to their business or agency or issue. This view, while understandable, contributes to the lack of a consistent and transparent legal and policy framework for spatial data. In fact, one can argue that such a framework is not possible until the broader community is identified and energized. Which raises the question, is such a community possible, and if so, how can it be developed?

Sunday, March 7, 2010

Is the EU "short-sighted" when it comes to Street View?

Many European governments (and citizens) have expressed concerns about the privacy implications associated with Google's Street View - the street level images taken from cameras mounted on cars. Most recently, the European Union (EU) advised Google that it should warn towns and cities before beginning to collect images from its Street View vehicles. The EU, according to press reports, also suggested that Google should keep original photos online for only six months instead of a year. (Ironically, this could result in Google having to reshoot Europe every six months, which should raise even more privacy concerns.) This request was made even though Google is taking images from public places and already posts the itinerary for its vehicles on-line and blurs faces and license plates and will remove an image upon request.

The EU increasingly appears to be coming down on the side of individual privacy at the expense of Street View technology. As a result, Google may decide it no longer makes sense to offer Street View in Europe. However, one might question if the EU fully appreciates the value of the Street View data or has truly weighed the opportunity cost associated with losing this service in Europe.

Street View is more than a series of random images of a city or town. It is an organized collection of important information about a location at a given point in time at no cost to the government and available to its citizens for free. This information has tremendous potential value for future as well as current use. For example, imagine how valuable Street View would have been after the recent earthquakes in Haiti or Chile. Rescue workers would have been able to identify where to search with much greater precision and the images would have provided valuable information for reconstruction efforts. Unfortunately, European cities are at risk from similar natural disasters. Or imagine what today's historians could do if they had access to similar imagery of ancient Greece.

Protecting individual privacy is difficult, as the concept itself generally has both a legal and a cultural component. It becomes even more of a challenge when new technology is introduced, and often results in a cost/benefit analysis. However, any such analysis must be thorough and well informed. Restricting the use of new technology without such a rigorous analysis may ultimately prove to be short-sighted.

Friday, March 5, 2010

Congressional Hearings on Location Privacy

There has already been a good deal reported about the recent Congressional hearings regarding the privacy implications associated with the collection and use of location data on mobile devices. It should not be any surprise that Congress is taking a look at this issue, given the growing number of devices and associated consumer applications as well as the potential implications associated with this technology. Nor should it be surprising to hear Representative Rick Boucher state that future legislation will likely include provisions addressing this issue, as Congress been down this road before, including proposed legislation from then Senator John Edwards. In fact, it would probably be prudent for all companies in the U.S. that collect or use customer location data to become familiar with the privacy regimes associated with medical records (HIPAA), consumer credit (Fair Credit Reporting Act) and financial information (Graham -Leach- Bliley Act), as Congress and the Federal Trade Commission appear to have a framework they like to use on privacy matters. It is very likely they will try to apply a similar framework for location data.