Geolocation Technology and Privacy Issues
Innovations in technology have fundamentally altered the manner in which consumers, businesses and governments alike transact business in recent years, and the efficiencies these technologies provide have been responsible for increased international commerce and improvements in quality of life standards for tens of millions of people. Offsetting these benefits, though, is the potential for the exploitation of personal information that is exchanged during online transactions, as well as the increased use of geolocation applications that can track consumers’ whereabouts and purchasing behaviors in ways only dreamed of by marketers in the past. While many consumers want and need to know their precise geographic location to help them navigate their way through serpentine city streets and during long-distance trips, the potential for the misuse of geolocation information is alarming and demands attention by Internet service providers as well as government authorities to ensure that privacy considerations are taken into account and protected. To determine the current state of affairs with respect to geolocation technology and privacy issues, this paper provides a review of the relevant peer-reviewed and scholarly literature, followed by a summary of the research and important findings in the conclusion.
Review and Discussion
Background and Overview
Geolocation Technology. The term “geolocation” simply means identifying a specific location within a few feet on the earth’s surface through the use of geosynchronous positioning satellite systems. At present, geolocation services are already being provided by a number of online service providers and the technology is expected to become easier to use and more accurate in the near future (Thierer & Crews, 2003). For instance, according to Thierer and Crews, “Global positioning system chips are decreasing in price and finding their way into laptops, and commercial opportunities exist to offer services on the basis of geography: one might soon be able to step off a plane, open a laptop or handheld personal digital assistant, and find an ad for local restaurants with automatic delivery displayed on the first sponsored Web site one visits” (2003, p. 25).
Although geolocation technologies have been shown to possess relatively high levels of accuracy for marketing purposes, they remain imperfect, both for the Internet and other forms of network communications (Matwyshyn, 2004). Moreover, geolocation technologies fail to provide adequate levels of certainty for jurisdiction purposes to be established as the tool of choice for the identification of appropriate jurisdictional authority. For example, the European Union has taken the position that geolocation technologies remain insufficiently reliable and therefore are unable to be used for the purpose of assessing value-added tax on e-commerce (Matwyshyn, 2004). Notwithstanding these constraints, current trends suggest that geolocation technology will continue to increase in sophistication and power in the near-term as the inexorable march towards pervasive computing continues, fueled in large part by the geolocation devices described further below.
Geolocation Devices. Typically, geolocation devices perform two basic processes:
1. Report the user’s location to other users; and,
2. Associate real-world locations (such as restaurants and events) to a user’s location (Ionescu, 2010).
The proliferation of Internet-enabled mobile devices has contributed to the availability of specially designed geolocation apps. These mobile device geolocation apps deliver a more robust and dynamic experience compared to desktop PCs since the telemetry that is used to calculate the geolocation data changes as the physical location of the user changes (Ionescu, 2010). According to Ionescu (2010), so-called smartphones are equipped with an internal GPS chip that uses satellite-generated data to calculate users’ precise position; these technologies operate best with a clear sky and when used outdoors.
Even under less than optimal conditions, though, geolocation chips are capable of triangulating an approximate position based on data available from nearby cell towers that is not as precise but which has improved in recent years (Ionescu, 2010). There is also an approach termed “assisted GPS or A-GPS” in which geolocation systems use the foregoing-described triangulation methodology together with GPS and local Wi-Fi networks, where available, to calculate an even more accurate location (Ionescu, 2010). In sum, Ionesco notes that, “As long as the sky is fairly clear, the geolocation app on your phone can ascertain your position reasonably accurately. Indoors, however, it’s less accurate, and in locales where storefronts are in very close proximity, you may have to select your location manually from within the app interface. Eventually, though, more-advanced A-GPS systems should increase the accuracy of geolocation positioning inside buildings” (2010, para. 3).
This and other recent developments in geolocation apps have represented an opportunity as well as a challenge for privacy advocates who are concerned about the implications of having consumer whereabouts — and potentially behavior — known at all times. The opportunities, though, are clear. For instance, Twitter launched a geolocation app in 2009, “API,” that third-party developers can use in their own apps, and a growing number of Twitter-based and desktop PC applications, including Twitterrific and Tweetie, allow users to attach their current locations to their postings (Ionescu, 2010). This Twitter-based geolocation app has also been placed on the company’s main Web site and users are identifying new ways to use their tool everyday. For instance, although it is not as easy to use as other geolocation apps such as Brightkite or Foursquare and does not feature any incentives (such as points) for use, Twitter’s advanced search features allows users to search for tweets emanating from a specific location (Ionescu, 2010).
Likewise, Facebook is expected to allow its almost half billion users to use its geolocation services available, and with more than 100 million users updating their status through their mobile phones, the Faceebook geolocation services is projected to become enormously popular (Ionescu, 2010). In fact, Google has released a geolocation app, Google Buzz, that allows users to simply state the geolocational information in real time that is posted on Google’s mobile maps function, together with other user location information (Ionescu, 2010). Google’s Chrome Web browser has also been equipped with geolocational features that use the global positioning system (GPS) coordinate system. In addition, Nokia has also launched a smartphone-based geolocation feature and industry analysts expect Apple to do the same with its iPhone at some point in the future (Ionescu, 2010).
Finally, radio frequency identification chips can also provide real-time ubiquitous geolocation data. Writing in National Geographic, Achenbach (2008) advises that, “An RFID tag with a microchip can be embedded in a product, under your pet’s skin, even your own skin. Passive RFID tags have a tiny antenna but no internal energy source. Batteries are not included because they are not even needed. The energy comes from the reader, a scanning device that sends a pulse of electromagnetic energy that briefly activates the tag” (p. 1). In contrast to bar codes, RFID tags can be updated and the tag includes information that is unique to the object involved (Achenbach, 2008). These RFID technologies have already been deployed in a wide range of applications. For instance, Achenbach notes that, “Already RFID technology is used by highway toll plazas, libraries, retailers tracking inventory and it might appear in your passports” (2008, p. 1). The increasing ubiquity of these devices means that the location of users can be readily discerned over time in ways that have never been possible in the past, and the implications for infringements of 4th Amendment protections abound. In this regard, Achenbach cautions that, “Privacy advocates are nervous about the Orwellian possibilities of such technology. Tracking school kids through radio tags is draconian, they say. We imagine a world in which a beer company could find out not only when you bought a beer but also when you drank it and how many beers” (2008, p. 1). Not surprisingly, a number of location-based services have been launched in recent years to take advantage of these emerging technologies, and these issues are discussed further below.
Location-Based Services. As the term implies, location-based services apply geolocation technology in innovative ways to provide new levels of service across the entire spectrum of online services. As an entirely new functionality, location-based services hold significant promise for the near-term, particularly following the mandate by the Federal Communications Commission that location-based services be used in locating 911-generated distress calls (Gulati, Sawhney & Paoni, 2003). As a result, location-based services represent one of the more rapidly growing areas in the wireless communication sector with revenues of $5 billion a year (Gulati et al., 2003). Some of the more popular location-based services are being offered by giants such as Verizon Wireless, Vodafone of Great Britain, and NTT DoCoMo of Japan, but there are also numerous smaller enterprises entering the market in the United States and Europe with typically services including obtaining information about nearby restaurants or hotels in any city, for example, but with any potential geolocation information being capable of being exploited for this purpose (Gulati et al., 2003).
Location-based services can use a wide range of information sources for their applications besides voluntarily provided geolocation data, including information that is readily available through the users’ Web browser as follows.
1. Geolocation of the user based on the user’s Internet protocol (IP) address. Location-based service companies that specialize in identity protection use this approach, and IP addresses, blocks of IP addresses and credit card billing addresses can all be used to develop a location profile.
2. Personal computer/web browser identification examines the hypertext transfer protocol (HTTP) browser header and other information from the user’s computer or device, and compares them to what are expected. This approach compares the time expected from a user’s originating geolocation with the actual timestamp that was applied to the information (Malphrus, 2009).
Taken together, these trends in geolocation technologies indicate that like it or not, consumers will increasingly be subjected to situations in which their precise geolocation is known and broadcast to others who may want to use this information for illegal or unethical purposes and these issues are discussed further below.
Legal Implications of Geolocation Technology
Although geolocation technologies have a global scope, there are some specific legal implications for these technologies as they are applied in the United States with respect to the 4th Amendment and Americans’ expectations of privacy as discussed further below.
Overview of 4th Amendment. Part of the Bill of Rights, the 4th Amendment establishes fundamental constitutional privacy protections. For instance, according to Black’s Law Dictionary, the 4th Amendment is “the amendment of the U.S. Constitution guaranteeing people the right to be secure in their homes and property against unreasonable searches and seizures and providing that no warrants shall issue except upon probable cause and then only as to specific places to be searched and persons and things to be seized” (1999, p. 657). The 4th Amendment therefore establishes an expectation of privacy among American citizens as discussed further below.
Expectation of Privacy. The specific provisions of the 4th Amendment provide the more general framework in which American citizens are guaranteed an expectation of privacy. Over the years, the Supreme Court has expanded the jurisdictional venues in which the expectation of privacy can be legitimately applied, including personally owned vehicles and other locations (Bloom, 2003). The expectation of privacy has been increasingly eroded in recent years, though, through the ability of innovative telecommunications technologies to intrude on even the sanctum sanctorum of Americans’ homes and businesses in ways never envisioned by the Founding Fathers. The issue of Internet privacy became the focus of attention in the U.S. In 1996 due in part to pressure from the European Union that had promulgated its “Data Directiev” that included protections for personal information collected by online services in member states (Matwyshyn, 2004). The response to the potential for these Internet-based technologies to invade the privacy of consumers at will was intense: “In the legal private sector in the late 1990s, the technology bubble turned the life of every technology transactions attorney into a frenzy of questions without clear answers, particularly in connection with potential privacy liability and privacy policies” (Matwyshyn, 2004, p. 494).
Despite the lack of a codified set of guidelines for disclosing data collection policies in online venues, an increasing number of enterprises elected to do voluntarily for public relations purposes and Congress decided it was time to provide standard guidelines for Web sites and other mobile services that routinely collected personal information (Matwyshyn, 2004). Although privacy advocates and business lobbies lined up on both sides of this issue, Congress finally took action and by April 2000, the United States had passed the first set of online consumer data protection legislation (Matwyshyn, 2004).
Previous Rulings and Precedents. Precedential case law that affects current applications of 4th Amendment privacy protections include the privacy protection model that was based on Justice Brandeis’s dissent in Olmstead v. United States, 277 U.S. 438 (1928). In this case, a narrow majority (five of the nine justices) held that federal official’s wiretapping of telephone wires was not a 4th Amendment-protected search or seizure activity because there was no physical trespass and no tangible evidence had been collected (Thierer & Crews, 2003). In his dissent, Justice Brandeis articulated a concept that would have far-reaching implications: “The makers of our Constitution & #8230; conferred, as against the Government, the right to be let alone — the most comprehensive of rights and the right most valued by civilized men” (Olsmstead v. United States, pp. 478 — 79).
The importance of this case would be manifest 4 decades later when the Supreme Court decided Katz v. United States, 389 U.S. 347 (1967) and applied Justice Brandeis’ reasoning in Olmstead to a forerunner to geolocation-type of information case. According to Thierer and Crews, “In Katz v. United States, the [Court] addressed the constitutionality of federal authorities’ use of an electronic listening device attached to the outside of a telephone booth used by Charles Katz, whom the authorities suspected of violating gambling laws” (2003, p. 300). Applying the rationale developed by Justice Brandeis, the Supreme Court held that electronic listening devices violated Katz’s 4th Amendment rights, despite the fact that there had been no invasion of his physical property (Thierer & Crews, 2003). In their summation, the Court stated that the provisions of the 4th Amendment protect whatever a citizen “seeks to preserve as private, even in an area accessible to the public.â€¦” (quoted in Thierer & Crews, 2003 at p. 300). In what would become known as the Supreme Court’s test for what can be legitimately considered “private” within the purview of the 4th Amendment, Justice Harlan “wrote that the protected zone of Fourth Amendment privacy was defined by the individual’s ‘actual,’ subjective expectation of privacy, and the extent to which that expectation was ‘one that society was prepared to recognize as ‘reasonable'” (Katz v. United States, quoted in Thierer & Crews, 2003 at p. 361). This privacy test was adopted in 1968 and remains the gold standard today (Thierer & Crews, 2003).
Proposed New Legislation. Effects to enact an Internet privacy bill began in earnest in 2010 when Congress proposed such a bill; however, despite extensive efforts to reach viable compromises between privacy protection and online commercial interest groups, this legislation remains stalled in the House (Ingram, 2010). Many of the provisions of this draft legislation, though, remain the focus of legislative efforts in the U.S. Senate where Senators John Kerry and John McCain began drafting an Internet privacy bill in 2010 (A new Internet privacy law?, 2011) and the bipartisan Commercial Privacy Bill of Rights Act of 2011 was announced in April 2011 (Couch, 2011).
Impact of Legislation. Perhaps the most important — and controversial — effect of the Commercial Privacy Bill of Rights Act of 2011 (the “Act”) is the requirement for online companies to be more transparent concerning their information-sharing practices and the ability of consumers to have a voice in how their personal information is used. In this regard, the Act would require companies to notify consumers before they collect any data and would allow them the opportunity to opt-out of such data collection (Couch, 2011). Critics of the Act, though, argue that it does not go far enough in providing privacy protections for consumers because there is no single opt-list comparable to the National Do Not Call Registry, meaning that consumers will have to manually opt-out of every online data-exchange encounter (Couch, 2011). Nevertheless, proponents of the Act maintain that it represents a useful beginning in achieving more ambitious goals for privacy protections (Couch, 2011). The Act’s co-sponsors, Senators Kerry and McCain, described its implications thusly: “The bill does not allow for the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing. It is this practice that American consumers reject as an unreasonable invasion of privacy” (quoted in Couch, 2011 at para. 4).
Ethical Implications of Geolocation Technology
Use by Government Agencies. Given the potential for abuse of geolocation technology by any organization or individual so inclined, the ethical implications for government agencies are broad-based and are global in scope. Therefore, the so-called effects test has been proposed as a means of assessing where a government agency’s jurisdiction begins and ends with respect to online information. For instance, according to Thierer and Crews:
As a government reflects on the proper limits of its reach against a faraway defendant whose Internet activities are causing local grief, it runs into a dilemma. On the one hand, a plaintiff might claim it unfair that the sovereign would decline to intervene simply because a defendant is wholly absent, since the effects of the defendant’s Internet behavior are still felt locally. (2003, p. 18)
Although it is reasonable to suggest that many of the same arguments can be made with regard to other types of publication modes that provide global exposure such as print media in book and newspaper publishing, but the Internet has provided virtually anyone with a global audience, making the application of the effects test more nebulous. As Thierer and Crews point out, “On the other hand, going on an ‘effects’ test alone suggests that anyone posting information on the Internet is unduly open to nearly any sovereign’s jurisdiction, since that information could have an effect around the world” (2003, p. 18). Moreover, the renewed provisions of the U.S.A. PATRIOT Act and the recent success of the U.S. intelligence community in tracking down Osama bin Laden suggest that the U.S. government is using geolocation technologies in ways that may be legal, but are likely unethical, at least from the perspective of privacy advocates. The need for this type of balancing act is also felt in the use of geolocation technologies by private citizens as discussed further below.
Use by Private Citizens. Although Americans have long enjoyed an expectation of privacy, this expectation has been diminished as a result of geolocation technologies in ways that many citizens may not even realize. Since these technologies are ripe for exploitation by identity thieves, businesses and governmental agencies alike, there have been some steps taken by geolocation services to prevent or at least limit this type of intrusive practice. According to Ionescu, “When you leave your home, you inevitably sacrifice some of your privacy; and by sharing your location on social networks, you could put yourself at some increased level of risk. But geolocation services are working hard (without always succeeding) at keeping you safe from the potential dangers of sharing your location publicly” (2010, para. 4). Although the majority of the most popular geolocation apps allow users to specify a desired level of privacy, these protections may not be sufficient to protect users from the relentless attempts of would-be wrong-doers to use this information in inappropriate ways (Ionescu, 2010). First and foremost, Ionescu cautions against revealing a home address on geolocation services, and though this advice may appear to be a “no-brainer,” the tendency for people to do so is reflected in the now defunct PleaseRobMe.com that collected location-aggregated tweets to provide thieves with real-time information about potential targets (Ionescu, 2010).
Consent to Monitoring. In many cases, consumers are exposed to data-collection processes wherever they go without recognizing the digital trail they leave, and this propensity is amplified significantly when they use geolocation apps. In this regard, Ionescu advises that, “Unfortunately, keeping your whereabouts hidden from other people defeats the purpose of geolocation, so you have to make sensible decisions about how widely you share your status and how carefully you guard your privacy settings” (2010, para. 5). With RFID technologies and magnetic strip scanners that can read consumers’ credit cards while they are still in their pockets, there will be no corresponding consent to monitoring. In specific cases, though, it is possible to specify consent to monitoring levels with geolocation apps. For instance, Ionescue reports that, “Brightkite lets you select for each post whether to share it only with your friends or with the whole world; however, if you cross-post your location on Twitter, any ill-intentioned follower could use that information. Twitter’s approach to geolocation, in contrast, lets you select whether to include your whereabouts for each individual message” (2010, para. 5). Likewise, Google Buzz provides the same consent to monitoring features and Twitter even allows users to delete their complete geolocation history at any point in time (Ionescu, 2010).
The research showed that geolocation technologies that draw on satellites, mobile devices and even individual personal computers provide users with the ability to share their location with others in ways that can facilitate business transactions and personal encounters. The research also showed that geolocation technologies represent a fundamental threat to 4th Amendment protections concerning unreasonable search and seizure by the government, as well as a potential threat from identify thieves and others who would use this information in illegal ways, and businesses that can exploit this information in unethical ways. In the final analysis, geolocation technologies are only going to get better in the future, so the legislative steps being taken today represent an important first step in establishing some badly needed protections against these growing intrusions into Americans’ privacy.
Achenbach, J. (2008, January). The radio age: RFID tags are tracking everything — even you.
National Geographic, 209(1), 1.
A new Internet privacy law? (2011, March 19). New York Times, A22.
Black’s law dictionary. (1999). St. Paul, MN: West Publishing Co.
Couch, A. (2011, April 13). New Internet privacy bill: How would it protect consumers?
Christian Science Monitor. Retrieved from http://www.csmonitor.com/USA/Politics/
Gulati, R., Sawhney, M. & Paoni, A. (2003). Kellogg on technology & innovation. Hoboken, NJ:
Ingram, M. (2010, May 4). Congress proposes sweeping new internet privacy bill. Gigaom.
Retrieved from http://gigaom.com/2010/05/04/congress-proposes-sweeping-internet-privacy-bill/.
Ionescu, D. (2010, March 29). Geolocation 101: How it works, the apps, and your privacy.
PCWorld. Retrieved from http://www.pcworld.com/article/192803-2/geolocation_101_how_it_works_the_apps_and_your_privacy.html.
Malphrus, S. (2009). Perspectives on retail payments fraud. Economic Perspectives, 33(1), 31-
Matwyshyn, A.M. (2004). Of nodes and power laws: a network theory approach to Internet jurisdiction through data privacy. Northwestern University Law Review, 98(2), 493-495.
Thierer, A. & Crews, C.W. (2003). Who rules the Net? Internet governance and jurisdiction.
Washington, DC: Cato Institute.