Sunday, March 6, 2011

Geolocation Check-ins: A Teenager's Perspective (Part II)

This is my 17 year old son's second installment regarding privacy concerns associated with teenagers using location-based services and social media. (You can find the first installment here.) For this installment I asked him to review the privacy policies of Foursquare, SCVNGR, Facebook Places and Google Latitude. I then asked him to (i) comment on whether he understood the policies, (ii)compare the policies and (iii) describe any privacy concerns he may have after reviewing the policies. His post follows:

The Privacy Policies of the four different location applications, Foursquare, SCVNGR, Facebook Places, and Google Latitude all have pretty much the same policies except for a few minor details. For example, with Foursquare your information is only used with your permission. They list in their policy what information they will be sharing with others and what of your information is kept secure. You give them certain information based on your check-ins and the messages and tips that you put out there. Your information isn’t legally allowed to be given out to other companies and agencies. Because you have a password protected account, your information cannot be shared unless you give them permission to give it out. The other two, Latitude and Facebook Places, both have policies very similar to these, and as far as I could tell from reading them, they have no significant differences that would change the amount of information that is being shared.

SCVNGR has a very similar policy except for the fact that for some features you have to pay, which means that they record your credit card number and other related information. They also cannot release your information to other companies because it is illegal, according to the policy outlined by the companies.

In my opinion, these policies are pretty clear about what they do and how your privacy is protected when you release your information to them. The wording is pretty easy to understand, and they seem to highlight all the important information that someone who wants to understand how their privacy is being protected would need to know. The policy for Facebook Places is the easiest to understand because it shows you through pictures what you need to do and where you need to go to monitor what information is released. The rest of the policies clearly outline what you need to do to make your privacy even more secure, but none are as clear as Facebook Places.

I think that these companies have made pretty good policies regarding what of your information they release to other companies. It does not seem like, unless you are very concerned with even the smallest bit of your information being released, there is much to worry about when you use these applications. When you use these applications, you willingly tell people where you are, where you are going, who you are with, and what you are doing. Just by deciding to use these applications, you are allowing your information to be shared because you are putting it out there yourself. According to the policies, they don’t give out information that could lead to anything that could be harmful to you or endanger you, so there really is nothing to worry about in my opinion.

Friday, March 4, 2011

Government's Use of Tracking Technology: More Than A Constitutional Issue?

I have written in the past about a series of recent court cases in the United States involving the Fourth Amendment and a reasonable expectation of privacy from a location standpoint. The cases have either involved (i) law enforcements' use of GPS tracking devices to follow potential suspects for long periods of time (see e.g. this article from the Berkley Technology Law Journal) or (ii) efforts by law enforcement to obtain location data of mobile phones from telecommunications carriers (see e.g. this decision) -without a warrant.

From a legal standpoint these cases raise some very difficult and important issues regarding both the Fourth Amendment and the clearly outdated Electronic Communications Privacy Act (ECPA). I will not go into the details of either here, other than to say that courts are split in both types of cases as to whether a warrant is required before location data is collected or obtained.

However, as equal importance as the legal analysis is that the public position of the Obama administration - through the Department of Justice - in each federal case appears to have been that a warrant is not required. Their argument is that an individual does not have a reasonable expectation of privacy while in public places. (I believe without further research that this policy is consistent with all other administrations that have faced this issue.) Now, while this position is justifiable from a legal standpoint given U.S. case law, I have been increasingly concerned about the potential foreign policy and national security implications of such a position. Specifically, I wonder whether in the future the United States will be in a position to condemn what will undoubtedly be increased use of such tracking technology by authoritative regimes to suppress democratic movements - such as those we have seen recently in the Middle East.

Enhancements in sensor and software are making it relatively easy for governments to track dissidents in near real time. It also is increasingly possible to identify their likely friends, families and associates through their respective public movements. In addition, governments will be able to see as individuals begin to meet in central locations and take preventative steps before the crowd gets too big and difficult to control.

Undoubtedly, some of this technology is being already being used on a smaller scale, both in the United States and in countries around the world. However, China recently announced an official effort to begin using location information from mobile phones to track citizens' movements on a broad scale. The stated reason for the policy reportedly is to help with traffic problems. As many publications have already reported (see e.g. NYT article , Mobiledia report and Frontline) however, the potential for use (or misuse) is much broader.

The problem, as I see it, is that as the technology is used openly by Chinese authorities - and others - to monitor and quell dissent, it will be very difficult for the the United States to challenge such use privately or in the court of public opinion. After all, it has gone on record as saying that individuals do not have a reasonable expectation of privacy when in public under the U.S. Constitution. What right will it have to challenge another government taking basically the same position?

I certainly understand and appreciate the need for law enforcement (and homeland security) to use all the tools at their disposal to execute their mission. As I stated above, I also understand the legal position taken by the Justice Department attorneys in these cases. In addition, as this article points out, there are a number of other important reasons why government authorities want to obtain an individual's location as quickly and accurately as possible without having to obtain a warrant.

However, I hope that those within U.S. government responsible for foreign policy are looking at the bigger picture when it comes to tracking technology, much as they have done with respect to the role of the Internet to foster democratic values. I also hope that the Central Intelligence Agency and Department of Defense are assessing the potential impact the technology will have on collection efforts and covert operations. In developing U.S. policy regarding the use of tracking technology, it is important to consider that as effective as it is for protecting U.S. citizens at home, it may even be used more effectively to harm US interest by foreign governments not limited by our system's check and balances.