Spatial Law and Policy Update (April 28, 2014)

SPATIAL LAW AND POLICY UPDATE

"Where Geospatial Technology Is Taking the Law"

Privacy

MY QUESTION TO NIGERIAN’S WHO CLAIM THEIR LOCATION PRIVACY IS INVADED  (Strategy and Geography) 

The Privacy Paradox and the Boston Marathon  (Spatial Law and Policy Blog)

InBloom Wilts Amid Privacy Backlash  (IAPP) Well funded education tech company goes out of business due to privacy concerns over business model. "Regardless of the merits of either of these arguments, the lesson for companies in ed tech and beyond should be loud and clear: Privacy is a core business concern. And as should be evident from the inBloom case, getting it right means a lot more than just complying with applicable laws and regulations. Privacy isn’t just about regulatory compliance. It’s about setting the tone of your message, managing consumer expectations, bringing the public along with you for the ride, avoiding privacy lurches  and not creepy . It’s more an art than a science."

Case Law: Weller v Associated Newspapers Limited, Paparazzi, beware – Alexia Bedat  (Informms Blog)  Detailed discussion of how UK court examines privacy tort claims. 

If You Get A Misdelivered Package, UPS Will Give A Stranger Your Home Address  (Forbes) I wonder how big of a concern this would have been 20 years ago?

Privacy Laws in Asia  (JDSupra)

Licensing

The Supreme Court's struggle to grasp Aereo's tiny TV antennas  (LA Times)  The Supreme Court's decision in this case could impact the geospatial community.

Licensing and the public domain  (Spatial Reserves)  Blog post discusses various open licensing types, including the ODbL. "For some organisations integrating OSM data with their own private data, or organisations who are mandated to make their data available in the public domain (for example the US Geological Survey), wider use of this data resource is not an option and the benefits of crowd-sourced, free and open datasets like OSM will never be fully realised."

Data Quality

Data Scientists Not Required: New Alteryx Release Puts Predictive and Customer Analytics in the Hands of Every Analyst  (Directions) Critical, real-time decision making being pushed further down into organizations may result in data being used/analyzed in ways it is not suitable. 

CreepShield Claims to Out the Creeps in Online Dating  (NYT) The site returns results showing the photos and names of offenders in its database — even when they are obviously far from a match.

GPS may not keep pace with I-49 name change, app developer says (4029tv.com)

Government

    Spatial Data Infrastructure/Open Data

    Draft Open Data Policy for Qatar  

   

    Public Safety/Law Enforcement/National Security

    Mapmaker Who Used Chinese Subcontractors to Create Military Maps Gets Probation  (CBS)

    Sheriff ran air surveillance over Compton without telling residents (LA Times) Sheriff did not feel it was important to notify residents because there were already a number of CCTV cameras on the ground. 

    Prosecutors: GPS device tracked murder victim  (wdnt) Troubling if true. 

    ACLU Argues Against Warrantless Cell Phone Tracking Before Federal Appeals Court  (ACLU) 

Technology Platforms

GNSS

Japan’s Plan for Centimeter-Resolution GPS  (IEEE Spectrum)

Indoor Location

Survey of 9-1-1 Dispatchers Finds Many Indoor Callers Cannot Be Located on Wireless Phones  (Directions)

UAVs

Texas EquuSearch Files Suit Against FAA  (UAVSI) 

Drones could revolutionize weather forecasts, but must overcome safety concerns  (Washington Post)

Sensible regulation of small drones would foster innovation and protect privacy  (IEEE Spectrum)

Drone flight near Vancouver airport attracts Transport Canada, RCMP attention  (CTV News)

Internet of Things/Smart Grid/Intelligent Transportation Systems/Autonomous Vehicles

British Gas' smart Hive thermostat can now respond to a home owner's location  (engadget)

Why Data from Automated Vehicles Needs Serious Protection  (GPS World) "The data generated is both of a critical and personal nature. And data that is moving in and out of the vehicle to be processed elsewhere or to communicate with other vehicles is particularly vulnerable. The consequences are far greater than a violation of privacy or a stolen identity."

Overcoming speed bumps on the road to telematics  (Deloitte)

Remote Sensing

Russian Sanctions Have Killed Canadian Satellite Launch  (Sensor and Systems)

Crowdsourcing

AMATEUR FOOTAGE: A GLOBAL STUDY OF USER-GENERATED CONTENT IN TV AND ONLINE-NEWS OUTPUT  Study suggests that crowd sourced content does not receive proper attribution.

Miscellaneous

The problem is not Uber — the problem is missing regulations  (Sensor & Systems)  This is not just an Uber problem. It’s a problem we face with every “innovation”

The Privacy Paradox and the Boston Marathon

Having grown up in the Boston area, I have been following with great interest the story about the runner at the Boston Marathon who collapsed and was picked up an carried by other runners towards the finish line. It was a heartwarming story, particularly given the tragic events at last year's marathon. However I should not have been surprised, given the state of today's media, that there has been a backlash over the past 24 hours with at least one website disputing how far the runner was carried and whether he was carried across the finish line or whether he finished himself.

As a geoprivacy geek, what caught my attention with the most recent reporting was that the initial reporter specifically states that he will not disclose the fallen runner's name because the runner had asked to have his privacy protected. However the website disputing the initial accounts went on to identify the runner, based in part I assume on the number on his running bib that was captured on video and cameras at the finish line.  (There is a website that allows you to search runners by bib number.)

This incident highlights to me the challenges that we will face in the not too distant future as lawmakers, regulators and judges try to protect privacy in public places. I often refer to this as the "Privacy Paradox". Our location in public spaces, and accompanying information about what we are doing, who we are with, what we are looking at, etc. are being collected in more ways and by more people than ever before. However, we increasingly are expecting greater privacy. (Twenty years ago I don't think many runners (or spectators for that matter) worried about their privacy at the Boston Marathon - I know my family didn't when we used to run watch).

Presumably, the runner signed an acknowledgement (or waiver) that his bib number would be public and tied to his name.  However, I wonder if this document addressed the release of his name in highly public (and perhaps embarrassing) dispute such as is now taking place. Similarly, it is unclear as to why Deadspin felt the need to disclose the runner's identity; however should such disclosure be considered a violation of the runner's privacy?  Even if he had specifically asked not to have his name identified?

Privacy in public places. It may not prove to be a paradox, but it is going to be a long and difficult journey.

Key Spatial Law and Policy Links From Last Week

View Spatial Law and Policy Links in a full screen map

The Role of Trust and the Future of Augmented Reality

On March 26, I spoke to the Augmented Reality Community meeting held in conjunction with the Open Geospatial Consortium (OGC) Technical and Planning Committee meeting held in Arlington, Virginia.  Quite understandably, the subject of trust and Augmented Reality (A/R) quickly turned to privacy. 

I had a hard time coming up with what to say on this subject.  First, because Augmented Reality can /and will involve many diverse technologies and applications. Second, because concerns over A/R technologies often drown out discussions regarding the value of many A/R applications.  

So I began my talk at the beginning - by breaking down the elements of A/R.  Augmented  Reality  is defined on Wikipedia as "a live, copy or view of a physical, real-world environment whose elements are augmented (or supplemented) by computer-generated sensory input such as sound, video, graphics or GPS data."

Breaking it down, what are the privacy concerns in "reality"? I would suggest there are two primary issues for the A/R community to consider in this area:

1.    Historically there have been different expectation of privacy when a person is in public then when they are are in a private place.  However those expectations are beginning to change; more and more courts, regulators, policymakers, academics, privacy advocates and even technologists are redefining the what expectations of privacy in public should be reasonable give new technological capabilities. 

2.    What are the privacy expectations with respect to an object? Increasingly there have been growing expectations of privacy with objects, such as mobile phones.  How will this translate to other objects, such as automobiles, or the outside of homes. 

.        Next, what are the privacy concerns associated with augmentation - "the elements are augmented (or supplemented) by computer-generated sensory input such as sound, video, graphics or GPS data."  I would suggest there are two primary issues for the A/R community to consider with respect to augmentation. 

1.    Are you augmenting with public input (data) or private input (data)? Obviously there is a greater private concern associated with private data. However, there are increasingly concerns with public data as well. For example, the New York newspaper that posted a controversial interactive map of publicly available names and addresses of registered gun owners. 

2.    What is the definition of “public” data?     Social media is pushing the limits of what has is considered public and what is private. However, do people appreciate how available the posted information will be become and how it might be used? Are some types of social media more “public”?

Based upon this analysis, I came up with three questions that I believe the A/R community should consider when building applications and use cases.   These questions can help define the framework in which to determine the potential impact of A/R in a market/jurisdiction. Also, should expect that the answers will change over time, and in some cases will be “individual”-specific, such as when a minor is involved.

1.    If/when does the display of augmented public data of someone who is in the public violate that individual’s privacy?

2.    If/when does the use or sharing of augmented public data of someone who is in public violate that individual’s privacy?

3.    Is there ever a time when the display and/or use of augmented private data of someone who is in private worth the potential/perceived violation of that individual’s privacy?   If the answer is yes, when is it appropriate by whom?

ICYMI Five Spatial Law and Policy Links From Around the World

German DPAs issue guidelines on CCTV use  (Hunton &Williams)  Link to Germany's policy (in German). 

Offshoring Data  (Coors, Chambers, Westgarth)  Impact of new Australian privacy laws on companies that offshore data processing. 

Turkey bans Twitter to uphold 'privacy of citizens'  (allvoices) Protecting privacy is often cited as the reason to limit the collection/use/sharing of information. 

Malaysia plane search: China checks new 'debris' image  (BBC) The search for the missing Malaysian airline has shown both the power of geospatial technology and the challenges in sharing data among nations. 

India to promote geospatial technologies with BRICS partners   (Geospatial World)

In addition, I encourage you to read Privacy Pragmatism in the current issue of Foreign Affairs. Craig Mundie does an excellent job of highlighting what I believe to be some of the challenges to protecting location privacy under existing constructs and suggest an alternative approach. 

The Role of "Oversight" In Today's World

There has been a great deal written recently regarding the need for increased oversight of the Intelligence Community's growing use of new and innovative technology. However, I question whether increased oversight is the answer. The problem as I see it is that the legal/policy communities have shown that they are unable to keep up with advancements in technology and its impact on society. In my role as Executive Director of the Centre for Spatial Law and Policy I see people struggle daily with how to address important issues associated with the internet, Big Data, mobile devices and UAVs. Very soon these issues will also include Intelligent Transportation Systems and Autonomous Vehicles, Smart Grids, Augmented Reality, Smart Cities and the Internet of Things. (As an aside, many of these issues involve the power of location information.)  Increased oversight without an accompanying legal and and policy framework to address these issues is unlikely to do more than score a few political points.  The ability to conduct oversight is limited if you don't know the questions to ask and/or you don't know what the answers truly mean.  However, it is effectively eviscerated if the laws and policies are either so outdated or vague that they can quite honestly be interpreted in numerous ways.  

UAVs in the US: My Perspective

A number of people have been asking me  for my thoughts on the legal issues associated with the use of UAVs in the United States in light of a couple of recent articles. (See e.g , FAA Says Commercial Drone Operations are Illegal . . Public Says So What? and Busting the FAA's "Myth Busting Document".) Clearly, there are a number of what I would deem technical/safety issues associated with integrating UAVs into the existing legal and policy framework surrounding aircraft. These include issues such as licensing, spectrum, training, etc. I don't mean do downgrade the importance of these issues in order to facilitate the broad adoption of UAV use in the U.S., however my sense is that the Federal Aviation Administration (FAA) is quite capable of coming up with regulations and policies that although not perfect, will be something that will satisfy many - if not most - stakeholders.  Moreover, it will almost certainly be a national standard that will provide for predictability and uniformity, which are important to most stakeholders (businesses and government agencies that wish for greater use of UAVs in the U.S.)

I believe the more troublesome issues are, and will be for some time, associated with UAVs that are used to collect information (of any kind).  First, because it is unclear whether the FAA has the authority or the internal capability to develop regulations around such issues as privacy, data ownership and data protection. Second, because the existing laws and policies on these issues in the U.S.are outdated, in a state of flux and/or often misunderstood. Third, because the issue is a  sensitive topic across the political spectrum; the left and the right are both concerned about who will collect the information and how it will be used. Finally, because there are so many other government authorities that have, or hope to have a say on these issues, including the Federal Trade Commission, state authorities and the courts (federal and state).

The result in the near term is likely to be a patchwork of inconsistent and in some cases conflicting laws and regulations as to what is required in order to begin collecting information, what information can be collected and how it can be used. The challenge for organizations that wish to collect such information will be to work through this legal and regulatory minefield in a manner that maximizes the benefits while minimizing the legal risks. Unfortunately for the FAA, it will sit in the middle of that likely mess and will continue to take much of the blame. 

I am not surprised to hear that there are those who question the FAA's ability (or willingness) to restrict some commercial use of UAVs. I imagine that the FAA is unlikely to challenge the use of very small UAV's, flown at low altitudes, over private property, for limited purposes, with the informed consent of the owner, even for "commercial purposes".  However, I do believe that in the near term the further one moves away from those set of conditions, the more likely you are to run up against some legal or regulatory authority.