At the Creating the Policy and Legal Framework for a Location-enabled Society conference in Boston, Kirk Goldsberry, who is a Visiting Scholar at the Center for Geographic Analysis at Harvard, gave a fascinatng presentation with the help of two of his students on the topic of personal geographic data and privacy.
According the the Federal Trace Commission, which is responsible for protecting privacy at the Federal level, the 4 holy data types are
- Financial data
- Medical data
- Data about children
- Geographic data
Goldsberry's main point was that the first three are treated as very sensitive and there is a legal framework to ensure these data types are protected. When it comes to geographic data, on the other hand, there is very little by way of policy or legal infrastructure ro protect personal geographic data.
As an example he cited the iPhone. About two years ago it was disclosed that iOS devices maintain a database that potentially could be used to track the movements of users. In response Steve Jobs in an email said that "We don't track anyone. The info circulating around is false."
Without the user's explicit consent iOS doesn't record GPS location, but does record the location of cell towers and Wi-Fi access points, which can be used to create a clear general track of a user's movements.
To show what was possible with this iOS database, two of Goldsberry's students voluteered to carry an iPhone (with location disabled) for a couple of weeks. Goldsberry used the iOS database recording cell towers and Wi-Fi access points to put together maps that showed pretty clearly where the students had been including long distance trips and their daily routines. For example, one student had travelled to Seattle for a conference and had stayed in a hotel. The student's location at and around the hotel and conference were not hard to discern. The student went to a Mariner's game and from the location determined through the iOS database it was very clear that the student was at Safeco Field.
Limited legal and policy protection for personal geographic data
I interpreted what Goldsberry showed as not targetting Apple specifically, but that there is very little policy and legal protection for personal geographical data.
A number of speakers made the point that technology, including GPS and GIS, has moved so rapidly and regulation and legislation move so slowly that for personal geographic data, the horse has already left the barn. It is too late to close to the door.
There is the risk that hasty legislation or regulation on privacy and personal geographic data could prevent or inhibit the very real social benefits the technology is capable of delivering. The approach that several speakers recommended is to enable governments to experiment, so that regulation or legislation on privacy of personal geographic data is able to optimally walk the fine line between protecting privacy on one hand, and enabling the social beneifts the technology is capable of on the other.
I commend Kevin Pomfret, Excecutive Director of the Center for Spatial Law and Policy, for organizing such an important conference at such a critical time for geospatial technology.