Location and tracking of mobile devices: Uberveillance stalks the streets

Abstract

During the last decade, location-tracking and monitoring applications have proliferated, in mobile cellular and wireless data networks, and through self-reporting by applications running in smartphones that are equipped with onboard global positioning system (GPS) chipsets. It is now possible to locate a smartphone user's location not merely to a cell, but to a small area within it. Innovators have been quick to capitalise on these location-based technologies for commercial purposes, and have gained access to a great deal of sensitive personal data in the process. In addition, law enforcement utilises these technologies, can do so inexpensively and hence can track many more people. Moreover, these agencies seek the power to conduct tracking covertly, and without a judicial warrant. This article investigates the dimensions of the problem of people-tracking through the devices that they carry. Location surveillance has very serious negative implications for individuals, yet there are very limited safeguards. It is incumbent on legislatures to address these problems, through both domestic laws and multilateral processes.

1. Introduction

Personal electronic devices travel with people, are worn by them, and are, or soon will be, inside them. Those devices are increasingly capable of being located, and, by recording the succession of locations, tracked. This creates a variety of opportunities for the people concerned. It also gives rise to a wide range of opportunities for organisations, at least some of which are detrimental to the person's interests.

Commonly, the focus of discussion of this topic falls on mobile phones and tablets. It is intrinsic to the network technologies on which those devices depend that the network operator has at least some knowledge of the location of each handset. In addition, many such devices have onboard global positioning system (GPS) chipsets, and self-report their coordinates to service-providers. The scope of this paper encompasses those already well-known forms of location and tracking, but it extends beyond them.

The paper begins by outlining the various technologies that enable location and tracking, and identifies those technologies' key attributes. The many forms of surveillance are then reviewed, in order to establish a framework within which applications of location and tracking can be characterised. Applications are described, and their implications summarised. Controls are considered, whereby potential harm to the interests of individuals can be prevented or mitigated.

2. Relevant technologies

The technologies considered here involve a device that has the following characteristics:

• it is conveniently portable by a human, and

• it emits signals that:

• enable some other device to compute the location of the device (and hence of the person), and

• are sufficiently distinctive that the device is reliably identifiable at least among those in the vicinity, and hence the device's (and hence the person's) successive locations can be detected, and combined into a trail

The primary form-factors for mobile devices are currently clam-shape (portable PCs), thin rectangles suitable for the hand (mobile phones), and flat forms (tablets). Many other form-factors are also relevant, however. Anklets imposed on dangerous prisoners, and even as conditions of bail, carry RFID tags. Chips are carried in cards of various sizes, particularly the size of credit-cards, and used for tickets for public transport and entertainment venues, aircraft boarding-passes, toll-road payments and in some countries to carry electronic cash. Chips may conduct transactions with other devices by contact-based means, or contactless, using radio-frequency identification (RFID) or its shorter-range version near-field communication (NFC) technologies. These capabilities are in credit and debit cards in many countries. Transactions may occur with the cardholder's knowledge, with their express consent, and with an authentication step to achieve confidence that the person using the card is authorised to do so. In a variety of circumstances, however, some and even all of those safeguards are dispensed with. The electronic versions of passports that are commonly now being issued carry such a chip, and have an autonomous communications capability. The widespread issue of cards with capabilities uncontrolled by, and in many cases unknown to, the cardholder, is causing consternation among segments of the population that have become aware of the schemes.

Such chips can be readily carried in other forms, including jewellery such as finger-rings, and belt-buckles. Endo-prostheses such as replacement hips and knees and heart pacemakers can readily carry chips. A few people have voluntarily embedded chips directly into their bodies for such purposes as automated entry to premises (Michael and Michael, 2009).

In order to locate and track such devices, any sufficiently distinctive signals may in principle suffice. See Raper et al. (2007a) and Mautz (2011). In practice, the signals involved are commonly those transmitted by a device in order to take advantage of wireless telecommunications networks. The scope of the relevant technologies therefore also encompasses the signals, devices that detect the signals, and the networks over which the data that the signals contain are transmitted.

In wireless networks, it is generally the case that the base-station or router needs to be aware of the identities of devices that are currently within the cell. A key reason for this is to conserve limited transmission capacity by sending messages only when the targeted device is known to be in the cell. This applies to all of:

• cellular mobile originally designed for voice telephony and extended to data (in particular those using the ‘3G’ standards GSM/GPRS, CDMA2000 and UMTS/HSPA and the ‘4G’ standard LTE)

• wireless local area networks (WLANs, commonly Wifi/IEEE 802.11x – RE, 2010a)

• wireless wide area networks (WWANs, commonly WiMAX/IEEE 802.16x – RE, 2010b).

Devices in such networks are uniquely identified by various means (Clarke and Wigan, 2011). In cellular networks, there is generally a clear distinction between the entity (the handset) and the identity it is adopting at any given time (which is determined by the module inserted in it). Depending on the particular standards used, what is commonly referred to as ‘the SIM-card’ is an R-UIM, a CSIM or a USIM. These modules store an International Mobile Subscriber Identity (IMSI), which constitutes the handset's identifier. Among other things, this enables network operators to determine whether or not to provide service, and what tariff to apply to the traffic. However, cellular network protocols may also involve transmission of a code that distinguishes the handset itself, within which the module is currently inserted. A useful generic term for this is the device ‘entifier’ (Clarke, 2009b). Under the various standards, it may be referred to as an International Mobile Equipment Identity (IMEI), ESN, or MEID.

Vendor-specific solutions also may provide additional functionality to a handset unbeknown to the end-user. For example, every mobile device manufactured by Apple has a 40-character Unique Device Identifier (UDID). This enables Apple to track its users. Not only Apple itself, but also marketers, were able to use the UDID to track devices. It has also been alleged that data emanating from these devices is routinely accessible to law enforcement agencies. Since late 2012, Apple has prevented marketers from using the UDID, but has added an Identifier for Advertisers (IFA or IDFA). This is temporary, and it can be blocked; but it is by default open for tracking, and turning it off is difficult, and is likely to result in reduced services (Edwards, 2012). In short, Apple devices are specifically designed to enable tracking of consumers by Apple, by any government agency that has authority to gain access to the data, and by all consumer-marketing corporations, although in the last case with a low-grade option available to the user to suppress tracking.

In Wifi and WiMAX networks, the device entifier may be a processor-id or more commonly a network interface card identifier (NIC Id). In various circumstances, other device-identifiers may be used, such as a phone number, or an IP-address may be used as a proxy. In addition, the human using the device may be directly identified, e.g. by means of a user-account name.

A WWAN cell may cover a large area, indicatively of a 50 km radius. Telephony cells may have a radius as large as 2–3 km or as little as a hundred metres. WLANs using Wifi technologies have a cell-size of less than 1 ha, indicatively 50–100 m radius, but in practice often constrained by environmental factors to only 10–30 m.

The base-station or router knows the identities of devices that are within its cell, because this is a technically necessary feature of the cell's operation. Mobile devices auto-report their presence 10 times per second. Meanwhile, the locations of base-stations for cellular services are known with considerable accuracy by the telecommunications providers. And, in the case of most private Wifi services, the location of the router is mapped to c. 30–100 m accuracy by services such as Skyhook and Google Locations, which perform what have been dubbed ‘war drives’ in order to maintain their databases – in Google's case in probable violation of the telecommunications interception and/or privacy laws of at least a dozen countries (EPIC, 2012).

Knowing that a device is within a particular mobile phone, WiMAX or Wifi cell provides only a rough indication of location. In order to generate a more precise estimate, within a cell, several techniques are used (McGuire et al., 2005). These include the following (adapted from Clarke and Wigan, 2011; see also Figueiras and Frattasi, 2010):

• directional analysis. A single base-station may comprise multiple receivers at known locations and pointed in known directions, enabling the handset's location within the cell to be reduced to a sector within the cell, and possibly a narrow one, although without information about the distance along the sector;

• triangulation. This involves multiple base-stations serving a single cell, at known locations some distance apart, and each with directional analysis capabilities. Particularly with three or more stations, this enables an inference that the device's location is within a small area at the intersection of the multiple directional plots;

• signal analysis. This involves analysis of the characteristics of the signals exchanged between the handset and base-station, in order to infer the distance between them. Relevant signal characteristics include the apparent response-delay (Time Difference of Arrival – TDOA, also referred to as multilateration), and strength (Received Signal Strength Indicator – RSSI), perhaps supplemented by direction (Angle Of Arrival – AOA).

The precision and reliability of these techniques varies greatly, depending on the circumstances prevailing at the time. The variability and unpredictability result in many mutually inconsistent statements by suppliers, in the general media, and even in the technical literature.

Techniques for cellular networks generally provide reasonably reliable estimates of location to within an indicative 50–100 m in urban areas and some hundreds of metres elsewhere. Worse performance has been reported in some field-tests, however. For example, Dahunsi and Dwolatzky (2012) found the accuracy of GSM location in Johannesburg to be in the range 200–1400 m, and highly variable, with “a huge difference between the predicted and provided accuracies by mobile location providers”.

The website of the Skyhook Wifi-router positioning service claims 10-m accuracy, 1-s time-to-first-fix and 99.8% reliability (SHW, 2012). On the other hand, tests have resulted in far lower accuracy measures, including an average positional error of 63 m in Sydney (Gallagher et al., 2009) and “median values for positional accuracy in [Las Vegas, Miami and San Diego, which] ranged from 43 to 92 metres… [and] the replicability… was relatively poor” (Zandbergen, 2012, p. 35). Nonetheless, a recent research article suggested the feasibility of “uncooperatively and covertly detecting people ‘through the wall’ [by means of their WiFi transmissions]” (Chetty et al., 2012).

Another way in which a device's location may become known to other devices is through self-reporting of the device's position, most commonly by means of an inbuilt Global Positioning System (GPS) chipset. This provides coordinates and altitude based on broadcast signals received from a network of satellites. In any particular instance, the user of the device may or may not be aware that location is being disclosed.

Despite widespread enthusiasm and a moderate level of use, GPS is subject to a number of important limitations. The signals are subject to interference from atmospheric conditions, buildings and trees, and the time to achieve a fix on enough satellites and deliver a location measure may be long. This results in variability in its practical usefulness in different circumstances, and in its accuracy and reliability. Civil-use GPS coordinates are claimed to provide accuracy within a theoretical 7.8 m at a 95% confidence level (USGov, 2012), but various reports suggest 15 m, or 20 m, or 30 m, but sometimes 100 m. It may be affected by radio interference and jamming. The original and still-dominant GPS service operated by the US Government was subject to intentional degradation in the US's national interests. This ‘Selective Availability’ feature still exists, although subject to a decade-long policy not to use it; and future generations of GPS satellites may no longer support it.

Hybrid schemes exist that use two or more sources in order to generate more accurate location-estimates, or to generate estimates more quickly. In particular, Assisted GPS (A-GPS) utilises data from terrestrial servers accessed over cellular networks in order to more efficiently process satellite-derived data (e.g. RE, 2012).

Further categories of location and tracking technologies emerge from time to time. A current example uses means described by the present authors as ‘mobile device signatures’ (MDS). A device may monitor the signals emanating from a user's mobile device, without being part of the network that the user's device is communicating with. The eavesdropping device may detect particular signal characteristics that distinguish the user's mobile device from others in the vicinity. In addition, it may apply any of the various techniques mentioned above, in order to locate the device. If the signal characteristics are persistent, the eavesdropping device can track the user's mobile device, and hence the person carrying it. No formal literature on MDS has yet been located. The supplier's brief description is at PI (2010b).

The various technologies described in this section are capable of being applied to many purposes. The focus in this paper is on their application to surveillance.

3. Surveillance

The term surveillance refers to the systematic investigation or monitoring of the actions or communications of one or more persons (Clarke, 2009c). Until recent times, surveillance was visual, and depended on physical proximity of an observer to the observed. The volume of surveillance conducted was kept in check by the costs involved. Surveillance aids and enhancements emerged, such as binoculars and, later, directional microphones. During the 19th century, the post was intercepted, and telephones were tapped. During the 20th century, cameras enabled transmission of image, video and sound to remote locations, and recording for future use (e.g. Parenti, 2003).

With the surge in stored personal data that accompanied the application of computing to administration in the 1970s and 1980s, dataveillance emerged (Clarke, 1988). Monitoring people through their digital personae rather than through physical observation of their behaviour is much more economical, and hence many more people can be subjected to it (Clarke, 1994). The dataveillance epidemic made it more important than ever to clearly distinguish between personal surveillance – of an identified person who has previously come to attention – and mass surveillance – of many people, not necessarily previously identified, about some or all of whom suspicion could be generated.

Location data is of a very particular nature, and hence it has become necessary to distinguish location surveillance as a sub-set of the general category of dataveillance. There are several categories of location surveillance with different characteristics (Clarke and Wigan, 2011):

• capture of an individual's location at a point in time. Depending on the context, this may support inferences being drawn about an individual's behaviour, purpose, intention and associates

• real-time monitoring of a succession of locations and hence of the person's direction of movement. This is far richer data, and supports much more confident inferences being drawn about an individual's behaviour, purpose, intention and associates

• predictive tracking, by extrapolation from the person's direction of movement, enabling inferences to be drawn about near-future behaviour, purpose, intention and associates

• retrospective tracking, on the basis of the data trail of the person's movements, enabling reconstruction of a person's behaviour, purpose, intention and associates at previous times

Information arising at different times, and from different forms of surveillance, can be combined, in order to offer a more complete picture of a person's activities, and enable yet more inferences to be drawn, and suspicions generated. This is the primary sense in which the term ‘überveillance’ is applied: “Überveillance has to do with the fundamental who (ID), where (location), and when (time) questions in an attempt to derive why (motivation), what (result), and even how (method/plan/thought). Überveillance can be a predictive mechanism for a person's expected behaviour, traits, likes, or dislikes; or it can be based on historical fact; or it can be something in between… Überveillance is more than closed circuit television feeds, or cross-agency databases linked to national identity cards, or biometrics and ePassports used for international travel. Überveillance is the sum total of all these types of surveillance and the deliberate integration of an individual's personal data for the continuous tracking and monitoring of identity and location in real time” (Michael and Michael, 2010. See also Michael and Michael, 2007Michael et al., 20082010Clarke, 2010).

A comprehensive model of surveillance includes consideration of geographical scope, and of temporal scope. Such a model assists the analyst in answering key questions about surveillance: of what? for whom? by whom? why? how? where? and when? (Clarke, 2009c). Distinctions are also needed based on the extent to which the subject has knowledge of surveillance activities. It may be overt or covert. If covert, it may be merely unnotified, or alternatively express measures may be undertaken in order to obfuscate, and achieve secrecy. A further element is the notion of ‘sousveillance’, whereby the tools of surveillance are applied, by those who are commonly watched, against those who are commonly the watchers (Mann et al., 2003).

These notions are applied in the following sections in order to establish the extent to which location and tracking of mobile devices is changing the game of surveillance, and to demonstrate that location surveillance is intruding more deeply into personal freedoms than previous forms of surveillance.

4. Applications

This section presents a typology of applications of mobile device location, as a means of narrowing down to the kinds of uses that have particularly serious privacy implications. These are commonly referred to as location-based services (LBS). One category of applications provide information services that are for the benefit of the mobile device's user, such as navigation aids, and search and discovery tools for the locations variously of particular, identified organisations, and of organisations that sell particular goods and services. Users of LBS of these kinds can be reasonably assumed to be aware that they are disclosing their location. Depending on the design, the disclosures may also be limited to specific service-providers and specific purposes, and the transmissions may be secured.

Another, very different category of application is use by law enforcement agencies (LEAs). The US E-911 mandate of 1999 was nominally a public safety measure, to enable people needing emergency assistance to be quickly and efficiently located. In practice, the facility also delivered LEAs means for locating and tracking people of interest, through their mobile devices. Personal surveillance may be justified by reasonable grounds for suspicion that the subject is involved in serious crime, and may be specifically authorised by judicial warrant. Many countries have always been very loose in their control over LEAs, however, and many others have drastically weakened their controls since 2001. Hence, in any given jurisdiction and context, each and all of the controls may be lacking.

Yet worse, LEAs use mobile location and tracking for mass surveillance, without any specific grounds for suspicion about any of the many people caught up in what is essentially a dragnet-fishing operation (e.g. Mery, 2009). Examples might include monitoring the area adjacent to a meeting-venue watching out for a blacklist of device-identifiers known to have been associated with activists in the past, or collecting device-identifiers for use on future occasions. In addition to netting the kinds of individuals who are of legitimate interest, the ‘by-catch’ inevitably includes threatened species. There are already extraordinarily wide-ranging (and to a considerable extent uncontrolled) data retention requirements in many countries.

Of further concern is the use of Automated Number Plate Recognition (ANPR) for mass surveillance purposes. This has been out of control in the UK since 2006, and has been proposed or attempted in various other countries as well (Clarke, 2009a). Traffic surveillance is expressly used not only for retrospective analysis of the movements of individuals of interest to LEAs, but also as a means of generating suspicions about other people (Lewis, 2008).

Beyond LEAs, many government agencies perform social control functions, and may be tempted to conduct location and tracking surveillance. Examples would include benefits-paying organisations tracking the movements of benefits-recipients about whom suspicions have arisen. It is not too far-fetched to anticipate zealous public servants concerned about fraud control imposing location surveillance on all recipients of some particularly valuable benefit, or as a security precaution on every person visiting a sensitive area (e.g. a prison, a power plant, a national park).

Various forms of social control are also exercised by private sector organisations. Some of these organisations, such as placement services for the unemployed, may be performing outsourced public sector functions. Others, such as workers' compensation providers, may be seeking to control personal insurance claimants, and similarly car-hire companies and insurance providers may wish to monitor motor vehicles' distance driven and roads used (Economist, 2012Michael et al., 2006b).

A further privacy-invasive practice that is already common is the acquisition of location and tracking data by marketing corporations, as a by-product of the provision of location-based services, but with the data then applied to further purposes other than that for which it was intended. Some uses rely on statistical analysis of large holdings (‘data mining’). Many uses are, on the other hand, very specific to the individual, and are for such purposes as direct or indirect targeting of advertisements and the sale of goods and services. Some of these applications combine location data with data from other sources, such as consumer profiling agencies, in order to build up such a substantial digital persona that the individual's behaviour is readily influenced. This takes the activity into the realms of überveillance.

All such services raise serious privacy concerns, because the data is intensive and sensitive, and attractive to organisations. Companies may gain rights in relation to the data through market power, or by trickery – such as exploitation of a self-granted right to change the Terms of Service (Clarke, 2011). Once captured, the data may be re-purposed by any organisation that gains access to it, because the value is high enough that they may judge the trivial penalties that generally apply to breaches of privacy laws to be well worth the risk.

A recently-emerged, privacy-invasive practice is the application of the mobile device signature (MDS) form of tracking, in such locations as supermarkets. This is claimed by its providers to offer deep observational insights into the behaviour of customers, including dwell times in front of displays, possibly linked with the purchaser's behaviour. This raises concerns a little different from other categories of location and tracking technologies, and is accordingly considered in greater depth in the following section.

It is noteworthy that an early review identified a wide range of LBS, which the authors classified into mobile guides, transport, gaming, assistive technology and location-based health (Raper et al., 2007b). Yet that work completely failed to notice that a vast array of applications were emergent in surveillance, law enforcement and national security, despite the existence of relevant literature from at least 1999 onwards (Clarke, 2001Michael and Masters, 2006).

5. Implications

The previous sections have introduced many examples of risks to citizens and consumers arising from location surveillance. This section presents an analysis of the categories and of the degree of seriousness with which they should be viewed. The first topic addressed is the privacy of personal location data. Other dimensions of privacy are then considered, and then the specific case of MDS is examined. The treatment here is complementary to earlier articles that have looked more generally at particular applications such as location-based mobile advertising, e.g. Cleff (20072010) and King and Jessen (2010). See also Art. 29 (2011).

5.1. Locational privacy

Knowing where someone has been, knowing what they are doing right now, and being able to predict where they might go next is a powerful tool for social control and for chilling behaviour (Abbas, 2011). Humans do not move around in a random manner (Song et al., 2010).

One interpretation of ‘locational privacy’ is that it “is the ability of an individual to move in public space with the expectation that under normal circumstances their location will not be systematically and secretly recorded for later use” (Blumberg and Eckersley, 2009). A more concise definition is “the ability to control the extent to which personal location information is… [accessible and] used by others” (van Loenen et al., 2009). Hence ‘tracking privacy’ is the interest an individual has in controlling information about their sequence of locations.

Location surveillance is deeply intrusive into data privacy, because it is very rich, and enables a great many inferences to be drawn (Clarke, 2001Dobson and Fisher, 2003Michael et al., 2006aClarke and Wigan, 2011). As demonstrated by Raper et al. (2007a, p. 32–3), most of the technical literature that considers privacy is merely concerned about it as an impediment to deployment and adoption, and how to overcome the barrier rather than how to solve the problem. Few authors adopt a positive approach to privacy-protective location technologies. The same authors' review of applications (Raper et al., 2007b) includes a single mention of privacy, and that is in relation to just one of the scores of sub-categories of application that they catalogue.

Most service-providers are cavalier in their handling of personal data, and extravagant in their claims. For example, Skyhook claims that it “respects the privacy of all users, customers, employees and partners”; but, significantly, it makes no mention of the privacy of the people whose locations, through the locations of their Wifi routers, it collects and stores (Skyhook, 2012).

Consent is critical in such LBS as personal location chronicle systems, people-followers and footpath route-tracker systems that systematically collect personal location information from a device they are carrying (Collier, 2011c). The data handled by such applications is highly sensitive because it can be used to conduct behavioural profiling of individuals in particular settings. The sensitivity exists even if the individuals remain ‘nameless’, i.e. if each identifier is a temporary or pseudo-identifier and is not linked to other records. Service-providers, and any other organisations that gain access to the data, achieve the capacity to make judgements on individuals based on their choices of, for example, which retail stores they walk into and which they do not. For example, if a subscriber visits a particular religious bookstore within a shopping mall on a weekly basis, the assumption can be reasonably made that they are in some way affiliated to that religion (Samuel, 2008).

It is frequently asserted that individuals cannot have a reasonable expectation of privacy in a public space (Otterberg, 2005). Contrary to those assertions, however, privacy expectations always have existed in public places, and continue to exist (VLRC, 2010). Tracking the movements of people as they go about their business is a breach of a fundamental expectation that people will be ‘let alone’. In policing, for example, in most democratic countries, it is against the law to covertly track an individual or their vehicle without specific, prior approval in the form of a warrant. This principle has, however, been compromised in many countries since 2001. Warrantless tracking using a mobile device generally results in the evidence, which has been obtained without the proper authority, being inadmissible in a court of law (Samuel, 2008). Some law enforcement agencies have argued for the abolition of the warrant process because the bureaucracy involved may mean that the suspect cannot be prosecuted for a crime they have likely committed (Ganz, 2005). These issues are not new; but far from eliminating a warrant process, the appropriate response is to invest the energy in streamlining this process (Bronitt, 2010).

Privacy risks arise not only from locational data of high integrity, but also from data that is or becomes associated with a person and that is inaccurate, misleading, or wrongly attributed to that individual. High levels of inaccuracy and unreliability were noted above in respect of all forms of location and tracking technologies. In the case of MDS services, claims have been made of 1–2 m locational accuracy. This has yet to be supported by experimental test cases however, and hence there is uncertainty about the reliability of inferences that the service-provider or the shop owner draw. If the data is the subject of a warrant or subpoena, the data's inaccuracy could result in false accusations and even a miscarriage of justice, with the ‘wrong person’ finding themselves in the ‘right place’ at the ‘right time’.

5.2. Privacy more broadly

Privacy has multiple dimensions. One analysis, in Clarke (2006a), identifies four distinct aspects. Privacy of Personal Data, variously also ‘data privacy’ and ‘information privacy’, is the most widely discussed dimension of the four. Individuals claim that data about themselves should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use. The last five decades have seen the application of information technologies to a vast array of abuses of data privacy. The degree of privacy intrusiveness is a function of both the intensity and the richness of the data. Where multiple sources are combined, the impact is particularly likely to chill behaviour. An example is the correlation of video-feeds with mobile device tracking. The previous sub-section addressed that dimension.

Privacy of the Person, or ‘bodily privacy’, extends from freedom from torture and right to medical treatment, via compulsory immunisation and imposed treatments, to compulsory provision of samples of body fluids and body tissue, and obligations to submit to biometric measurement. Locational surveillance gives rise to concerns about personal safety. Physical privacy is directly threatened where a person who wishes to inflict harm is able to infer the present or near-future location of their target. Dramatic examples include assassins, kidnappers, ‘standover merchants’ and extortionists. But even people who are neither celebrities nor notorieties are subject to stalking and harassment (Fusco et al., 2012).

Privacy of Personal Communications is concerned with the need of individuals for freedom to communicate among themselves, without routine monitoring of their communications by other persons or organisations. Issues include ‘mail covers’, the use of directional microphones, ‘bugs’ and telephonic interception, with or without recording apparatus, and third-party access to email-messages. Locational surveillance thereby creates new threats to communications privacy. For example, the equivalent of ‘call records’ can be generated by combining the locations of two device-identifiers in order to infer that a face-to-face conversation occurred.

Privacy of Personal Behaviour encompasses ‘media privacy’, but particular concern arises in relation to sensitive matters such as sexual preferences and habits, political activities and religious practices. Some privacy analyses, particularly in Europe, extend this discussion to personal autonomy, liberty and the right of self-determination (e.g. King and Jessen, 2010). The notion of ‘private space’ is vital to economic and social aspects of behaviour, is relevant in ‘private places’ such as the home and toilet cubicles, but is also relevant and important in ‘public places’, where systematic observation and the recording of images and sounds are far more intrusive than casual observation by the few people in the vicinity.

Locational surveillance gives rise to rich sets of data about individuals' activities. The knowledge, or even suspicion, that such surveillance is undertaken, chills their behaviour. The chilling factor is vital in the case of political behaviour (Clarke, 2008). It is also of consequence in economic behaviour, because the inventors and innovators on whom new developments depend are commonly ‘different-thinkers’ and even ‘deviants’, who are liable to come to come to attention in mass surveillance dragnets, with the tendency to chill their behaviour, their interactions and their creativity.

Surveillance that generates accurate data is one form of threat. Surveillance that generates inaccurate data, or wrongly associates data with a particular person, is dangerous as well. Many inferences that arise from inaccurate data will be wrong, of course, but that won't prevent those inferences being drawn, resulting in unjustified behavioural privacy invasiveness, including unjustified association with people who are, perhaps for perfectly good reasons, themselves under suspicion.

In short, all dimensions of privacy are seriously affected by location surveillance. For deeper treatments of the topic, see Michael et al. (2006b) and Clarke and Wigan (2011).

5.3. Locational privacy and MDS

The recent innovation of tracking by means of mobile device signatures (MDS) gives rise to some issues additional to, or different from, mainstream device location technologies. This section accordingly considers this particular technique's implications in greater depth. Limited reliable information is currently available, and the analysis is of necessity based on supplier-published sources (PI, 2010a2010b) and media reports (Collier, 2011a,b,c).

Path Intelligence (PI) markets an MDS service to shopping mall-owners, to enable them to better value their floor space in terms of rental revenues, and to identify points of on-foot traffic congestion to on-sell physical advertising and marketing floor space (PI, 2010a). The company claims to detect each phone (and hence person) that enters a zone, and to capture data, including:

• how long each device and person stay, including dwell times in front of shop windows;

• repeat visits by shoppers in varying frequency durations; and

• typical route and circuit paths taken by shoppers as they go from shop to shop during a given shopping experience.

For malls, PI is able to denote such things as whether or not shoppers who shop at one establishment will also shop at another in the same mall, and whether or not people will go out of their way to visit a particular retail outlet independent of its location. For retailers, PI says it is able to provide information on conversion rates by department or even product line, and even which areas of the store might require more attention by staff during specific times of the day or week (PI, 2012).

PI says that it uses “complex algorithms” to denote the geographic position of a mobile phone, using strategically located “proprietary equipment” in a campus setting (PI, 2010a). The company states that it is conducting “data-driven analysis”, but is not collecting, or at least that it is not disclosing, any personal information such as a name, mobile telephone number or contents of a short message service (SMS). It states that it only ever provides aggregated data at varying zone levels to the shopping mall-owners. This is presumably justified on the basis that, using MDS techniques, direct identifiers are unlikely to be available, and a pseudo-identifier needs to be assigned. There is no explicit definition of what constitutes a zone. It is clear, however, that minimally-aggregated data at the highest geographic resolution is available for purchase, and at a higher price than more highly-aggregated data.

Shoppers have no relationship with the company, and it appears unlikely that they would even be aware that data about them is being collected and used. The only disclosure appears to be that “at each of our installations our equipment is clearly visible and labelled with our logo and website address” (PI, 2010a), but this is unlikely to be visible to many people, and in any case would not inform anyone who saw it.

In short, the company is generating revenue by monitoring signals from the mobile devices of people who visit a shopping mall for the purchase of goods and services. The data collection is performed without the knowledge of the person concerned (Renegar et al., 2008). The company is covertly collecting personal data and exploiting it for profit. There is no incentive or value proposition for the individual whose mobile is being tracked. No clear statement is provided about collection, storage, retention, use and disclosure of the data (Arnold, 2008). Even if privacy were not a human right, this would demand statutory intervention on the public policy grounds of commercial unfairness. The company asserts that “our privacy approach has been reviewed by the [US Federal Trade Commission] FTC, which determined that they are comfortable with our practices” (PI, 2010a). It makes no claims of such ‘approval’ anywhere else in the world.

The service could be extended beyond a mall and the individual stores within it, to for example, associated walkways and parking areas, and surrounding areas such as government offices, entertainment zones and shopping-strips. Applications can also be readily envisaged on hospital and university campuses, and in airports and other transport hubs. From prior research, this is likely to expose the individual's place of employment, and even their residence (Michael et al., 2006a,b). Even if only aggregated data is sold to businesses, the individual records remain available to at least the service-provider.

The scope exists to combine this form of locational surveillance with video-surveillance such as in-store CCTV, and indeed this is claimed to be already a feature of the company's offering to retail stores. To the extent that a commonly-used identifier can be established (e.g. through association with the person's payment or loyalty card at a point-of-sale), the full battery of local and externally acquired customer transaction histories and consolidated ‘public records’ data can be linked to in-store behaviour (Michael and Michael, 2007). Longstanding visual surveillance is intersecting with well-established data surveillance, and being augmented by locational surveillance, giving breath to dataveillance, or what is now being referred to by some as ‘smart surveillance’ (Wright et al., 2010IBM, 2011).

Surreptitious collection of personal data is (with exemptions and exceptions) largely against the law, even when undertaken by law enforcement personnel. The MDS mechanism also flies in the face of telephonic interception laws. How, then, can it be in any way acceptable for a form of warrantless tracking to be undertaken by or on behalf of corporations or mainstream government agencies, of shoppers in a mall, or travellers in an airport, or commuters in a transport hub? Why should a service-provider have the right to do what a law enforcement agency cannot normally do?

6. Controls

The tenor of the discussion to date has been that location surveillance harbours enormous threats to location privacy, but also to personal safety, the freedom to communicate, freedom of movement, and freedom of behaviour. This section examines the extent to which protections exist, firstly in the form of natural or intrinsic controls, and secondly in the form of legal provisions. The existing safeguards are found to be seriously inadequate, and it is therefore necessary to also examine the prospects for major enhancements to law, in order to achieve essential protections.

6.1. Intrinsic controls

A variety of forms of safeguard exist against harmful technologies and unreasonable applications of them. The intrinsic economic control has largely evaporated, partly because the tools use electronics and the components are produced in high volumes at low unit cost. Another reason is that the advertising and marketing sectors are highly sophisticated, already hold and exploit vast quantities of personal data, and are readily geared up to exploit yet more data.

Neither the oxymoronic notion of ‘business ethics’ nor the personal morality of executives in business and government act as any significant brake on the behaviours of corporations and governments, because they are very weak barriers, and they are readily rationalised away in the face of claims of enhanced efficiencies in, for example, marketing communications, fraud control, criminal justice and control over anti-social behaviour.

A further category of intrinsic control is ‘self-regulatory’ arrangements within relevant industry sectors. In 2010, for example, the Australian Mobile Telecommunications Association (AMTA) released industry guidelines to promote the privacy of people using LBS on mobile devices (AMTA, 2010). The guidelines were as follows:

1. Every LBS must be provided on an opt-in basis with a specific request from a user for the service

2. Every LBS must comply with all relevant privacy legislation

3. Every LBS must be designed to guard against consumers being located without their knowledge

4. Every LBS must allow consumers to maintain full control

5. Every LBS must enable customers to control who uses their location information and when that is appropriate, and be able to stop or suspend a service easily should they wish

The second point is a matter for parliaments, privacy oversight agencies and law enforcement agencies, and its inclusion in industry guidelines is for information only. The remainder, meanwhile, are at best ‘aspirational’, and at worst mere window-dressing. Codes of this nature are simply ignored by industry members. They are primarily a means to hold off the imposition of actual regulatory measures. Occasional short-term constraints may arise from flurries of media attention, but the ‘responsible’ organisations escape by suggesting that bad behaviour was limited to a few ‘cowboy’ organisations or was a one-time error that will not be repeated.

A case study of the industry self-regulation is provided by the Biometrics Code issued by the misleadingly named Australian industry-and-users association, the Biometrics ‘Institute’ (BI, 2004). During the period 2009–2012, the privacy advocacy organisation, the Australian Privacy Foundation (APF), submitted to the Privacy Commissioner on multiple occasions that the Code failed to meet the stipulated requirements and under the Commissioner's own Rules had to be de-registered. The Code never had more than five subscribers (out of a base of well over 100 members – which was itself only a sub-set of organisations active in the area), and had no signatories among the major biometrics vendors or users, because all five subscribers were small organisations or consultants. In addition, none of the subscribers appear to have ever provided a link to the Code on their websites or in their Privacy Policy Statements (APF, 2012).

The Commissioner finally ended the farce in April 2012, citing the “low numbers of subscribers”, but avoided its responsibilities by permitting the ‘Institute’ to “request” revocation, over two years after the APF had made the same request (OAIC, 2012). The case represents an object lesson in the vacuousness of self-regulation and the business friendliness of a captive privacy oversight agency.

If economics, morality and industry sector politics are inadequate, perhaps competition and organisational self-interest might work. On the other hand, repeated proposals that privacy is a strategic factor for corporations and government agencies have fallen on stony ground (Clarke, 19962006b).

The public can endeavour to exercise countervailing power against privacy-invasive practices. On the other hand, individuals acting alone are of little or no consequence to organisations that are intent on the application of location surveillance. Moreover, consumer organisations lack funding, professionalism and reach, and only occasionally attract sufficient media attention to force any meaningful responses from organisations deploying surveillance technologies.

Individuals may have direct surveillance countermeasures available to them, but relatively few people have the combination of motivation, technical competence and persistence to overcome lethargy and the natural human desire to believe that the institutions surrounding them are benign. In addition, some government agencies, corporations and (increasingly prevalent) public–private partnerships seek to deny anonymity, pseudonymity and multiple identities, and to impose so-called ‘real name’ policies, for example as a solution to the imagined epidemics of cyber-bullying, hate speech and child pornography. Individuals who use cryptography and other obfuscation techniques have to overcome the endeavours of business and government to stigmatise them as criminals with ‘something to hide’.

6.2. Legal controls

It is clear that natural or intrinsic controls have been utter failures in privacy matters generally, and will be in locational privacy matters as well. That leaves legal safeguards for personal freedoms as the sole protection. There are enormous differences among domestic laws relating to location surveillance. This section accordingly limits itself to generalities and examples.

Privacy laws are (with some qualifications, mainly in Europe) very weak instruments. Even where public servants and parliaments have an actual intention to protect privacy, rather than merely to overcome public concerns by passing placebo statutes, the draft Bills are countered by strong lobbying by government agencies and industry, to the extent that measures that were originally portrayed as being privacy-protective reach the statute books as authority for privacy breaches and surveillance (Clarke, 2000).

Privacy laws, once passed, are continually eroded by exceptions built into subsequent legislation, and by technological capabilities that were not contemplated when the laws were passed. In most countries, location privacy has yet to be specifically addressed in legislation. Even where it is encompassed by human rights and privacy laws, the coverage is generally imprecise and ambiguous. More direct and specific regulation may exist, however. In Australia, for example, the Telecommunications (Interception and Access) Act and the Surveillance Devices Act define and criminalise inappropriate interception and access, use, communication and publication of location information that is obtained from mobile device traffic (AG, 2005). On the other hand, when Google Inc. intercepted wi-fi signals and recorded the data that they contained, the Privacy Commissioner absolved the company (Riley, 2010), and the Australian Federal Police refused to prosecute despite the action – whether it was intentional, ‘inadvertent’ or merely plausibly deniable – being a clear breach of the criminal law (Moses, 2010Stilgherrian, 2012).

The European Union determined a decade ago that location data that is identifiable to individuals is to some extent at least subject to existing data protection laws (EU, 2002). However, the wording of that so-called ‘e-Privacy Directive’ countenances the collection of “location data which are more precise than is necessary for the transmission of communications”, without clear controls over the justification, proportionality and transparency of that collection (para. 35). In addition, the e-Privacy Directive only applies to telecommunications service-providers, not to other organisations that acquire location and tracking data. King and Jessen (2010) discuss various gaps in the protective regimes in Europe.

The EU's Advisory Body (essentially a Committee of European Data Protection Commissioners) has issued an Opinion that mobile location data is generally capable of being associated with a person, and hence is personal data, and hence is subject to the EU Directive of 1995 and national laws that implement that Directive (Art. 29, 2011). Consent is considered to be generally necessary, and that consent must be informed, and sufficiently granular (p. 13–8).

It is unclear, however, to what extent this Opinion has actually caused, and will in the future cause, organisations that collect, store, use and disclose location data to change their practices. This uncertainty exists in respect of national security, law enforcement and social control agencies, which have, or which can arrange, legal authority that overrides data protection laws. It also applies to non-government organisations of all kinds, which can take advantage of exceptions, exemptions, loopholes, non-obviousness, obfuscation, unenforceability within each particular jurisdiction, and extra-jurisdictionality, to operate in ways that are in apparent breach of the Opinion.

Legal authorities for privacy-invasions are in a great many cases vague rather than precise, and in many jurisdictions power in relation to specific decisions is delegated to a LEA (in such forms as self-written ‘warrants’), or even a social control agency (in the form of demand-powers), rather than requiring a decision by a judicial officer based on evidence provided by the applicant.

Citizens in many countries are subject to more or less legitimate surveillance of various degrees and orders of granularity, by their government, in the name of law enforcement and national security. However, many Parliaments have granted powers to national security agencies to use location technology to track citizens and to intercept telecommunications. Moreover, many Parliaments have failed the public by permitting a warrant to be signed by a Minister, or even a public servant, rather than a judicial officer (Jay, 1999). Worse still, it appears that these already gross breaches of the principle of a free society are in effect being extended to the authorisation of a private organisation to track mobiles of ordinary citizens because it may lead to better services planning, or more efficient advertising and marketing (Collier, 2011a).

Data protection legislation in all countries evidences massive weaknesses. There are manifold exemptions and exceptions, and there are intentional and accidental exclusions, for example through limitations in the definitions of ‘identified’ and ‘personal data’. Even the much vaunted European laws fail to cope with extraterritoriality and are largely ignored by US-based service-providers. They are also focused exclusively on data, leaving large gaps in safeguards for physical, communications and behavioural privacy.

Meanwhile, a vast amount of abuse of personal data is achieved through the freedom of corporations and government agencies to pretend that Terms imposed on consumers and citizens without the scope to reject them are somehow the subject of informed and freely given consent. For example, petrol stations, supermarkets and many government agencies pretend that walking past signs saying ‘area subject to CCTV’ represents consent to gather, transmit, record, store, use and disclose data. The same approach is being adopted in relation to highly sensitive location data, and much vaunted data protection laws are simply subverted by the mirage of consent.

At least notices such as ‘you are now being watched’ or ‘smile, you are being recorded’ inform customers that they are under observation. On the other hand, people are generally oblivious to the fact that their mobile subscriber identity is transmitted from their mobile phone and multilaterated to yield a reasonably precise location in a shopping mall (Collier, 2011a,b,c). Further, there is no meaningful sense in which they can be claimed to have consented to providing location data to a third party, in this case a location service-provider with whom they have never had contact. And the emergent combination of MDS with CCTV sources becomes a pervasive view of the person, an ‘über’ view, providing a set of über-analytics to – at this stage – shopping complex owners and their constituents.

What rights do employees have if such a system were instituted in an employment setting (Michael and Rose, 2007, p. 252–3)? Are workplace surveillance laws in place that would protect employees from constant monitoring (Stern, 2007)? A similar problem applies to people at airports, or on hospital, university, industrial or government campuses. No social contract has been entered into between the parties, rendering the subscriber powerless.

Since the collapse of the Technology Assessment movement, technological deployment proceeds unimpeded, and public risks are addressed only after they have emerged and the clamour of concern has risen to a crescendo. A reactive force is at play, rather than proactive measures being taken to ensure avoidance or mitigation of potential privacy breaches (Michael et al., 2011). In Australia, for example, safeguards for location surveillance exist at best incidentally, in provisions under separate legislative regimes and in separate jurisdictions, and at worst not at all. No overarching framework exists to provide consistency among the laws. This causes confusion and inevitably results in inadequate protections (ALRC, 2008).

6.3. Prospective legal controls

Various learned studies have been conducted, but gather dust. In Australia, the three major law reform commissions have all reported, and all have been ignored by the legislatures (NSWLRC, 2005ALRC, 2008VLRC, 2010).

One critical need is for the fundamental principle to be recovered, to the effect that the handling of personal data requires either consent or legal authority. Consent is meaningless as a control over unreasonable behaviour, however, unless it satisfies a number of key conditions. It must be informed, it must be freely given, and it must be sufficiently granular, not bundled (Clarke, 2002). In a great many of the circumstances in which organisations are claiming to have consent to gather, store, use and disclose location data, the consumer does not appreciate what the scope of handling is that the service-provider is authorising themselves to perform; the Terms are imposed by the service-provider and may even be varied or completely re-written without consultation, a period of notice or even any notice at all; and consent is bundled rather than the individual being able to construct a pattern of consents and denials that suit their personal needs. Discussions all too frequently focus on the specifically-US notion of ‘opt-out’ (or ‘presumed consent’), with consent debased to ‘opt-in’, and deprecated as inefficient and business-unfriendly.

Recently, some very weak proposals have been put forward, primarily in the USA. In 2011, for example, two US Senators proposed a Location Privacy Protection Bill (Cheng, 2011). An organisation that collected location data from mobile or wireless data devices would have to state explicitly in their privacy policies what was being collected, in plain English. This would represent only a partial implementation of the already very weak 2006 recommendation of the Internet Engineering Task Force for Geographic Location/Privacy (IETF GEOPRIV) working group, which decided that technical systems should include ‘Fair Information Practices’ (FIPs) to defend against harms associated with the use of location technologies (EPIC, 2006). FIPs, however, is itself only a highly cut-down version of effective privacy protections, and the Bill proposes only a small fraction of FIPs. It would be close to worthless to consumers, and close to legislative authorisation for highly privacy-invasive actions by organisations.

Two other US senators tabled a GPS Bill, nominally intended to “balance the needs of Americans' privacy protections with the legitimate needs of law enforcement, and maintains emergency exceptions” (Anderson, 2011). The scope is very narrow – next would have to come the Wi-Fi Act, the A-GPS Act, etc. That approach is obviously unviable in the longer term as new innovations emerge. Effective legislation must have appropriate generality rather than excessive technology-specificity, and should be based on semantics not syntax. Yet worse, these Bills would provide legal authorisation for grossly privacy-invasive location and tracking. IETF engineers, and now Congressmen, want to compromise human rights and increase the imbalance of power between business and consumers.

7. Conclusions

Mobile device location technologies and their applications are enabling surveillance, and producing an enormous leap in intrusions into data privacy and into privacy of the person, privacy of personal communications, and privacy of personal behaviour.

Existing privacy laws are entirely incapable of protecting consumers and citizens against the onslaught. Even where consent is claimed, it generally fails the tests of being informed, freely given and granular.

There is an urgent need for outcries from oversight agencies, and responses from legislatures. Individual countries can provide some degree of protection, but the extra-territorial nature of so much of the private sector, and the use of corporate havens, in particular the USA, mean that multilateral action is essential in order to overcome the excesses arising from the US laissez fairetraditions.

One approach to the problem would be location privacy protection legislation, although it would need to embody the complete suite of protections rather than the mere notification that the technology breaches privacy. An alternative approach is amendment of the current privacy legislation and other anti-terrorism legislation in order to create appropriate regulatory provisions, and close the gaps that LBS providers are exploiting (Koppel, 2010).

The chimeras of self-regulation, and the unenforceability of guidelines, are not safeguards. Sensitive data like location information must be subject to actual, enforced protections, with guidelines and codes no longer used as a substitute, but merely playing a supporting role. Unless substantial protections for personal location information are enacted and enforced, there will be an epidemic of unjustified, disproportionate and covert surveillance, conducted by government and business, and even by citizens (Gillespie, 2009Abbas et al., 2011).

Acknowledgements

A preliminary version of the analysis presented in this paper appeared in the November 2011 edition of Precedent, the journal of the Lawyers Alliance. The article has been significantly updated as a result of comments provided by the referees and editor.

References

R. Abbas, The social and behavioural implications of location-based services: an observational study of users, Journal of Location Based Services, 5 (December 2011), pp. 3-4

R. Abbas, K. Michael, M.G. Michael, A. Aloudat, Emerging forms of covert surveillance using GPS-enabled devices, Journal of Cases on Information Technology, 13 (2) (2011), pp. 19-33

AG, What the government is doing: Surveillance Device Act 2004, Australian Government (25 May 2005) at http://www.ag.gov.au/agd/www/nationalsecurity.nsf/AllDocs/9B1F97B59105AEE6CA25700C0014CAF5?OpenDocument

ALRC, For your information: Australian privacy law and practice, (ALRC report 108), Australian Government (2008), 2, p. 1409–10, http://www.alrc.gov.au.ezproxy.uow.edu.au/publications/report-108

AMTA, New mobile telecommunications industry guidelines and consumer tips set benchmark for location based services, Australian Mobile Telecommunications Association (2010) at http://www.amta.org.au/articles/New.mobile.telecommunications.industry.guidelines.and.consumer.tips.set.benchmark.for.Location.Based.Services

N. Anderson, Bipartisan bill would end government's warrantless GPS tracking, Ars Technica (June 2011) at http://arstechnica.com/tech-policy/news/2011/06/bipartisan-bill-would-end-governments-warrantless-gps-tracking.ars

APF Revocation of the biometrics industry code, Australian Privacy Foundation (March 2012) at http://www.privacy.org.au/Papers/OAIC-BiomCodeRevoc-120321.pdf

B. Arnold, Privacy guide, Caslon Analytics (May 2008), at http://www.caslon.com.au/privacyguide19.htm

Art. 29, Opinion 13/2011 on geolocation services on smart mobile devices, Article 29 Data Protection Working Party, 881/11/EN WP 185, at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp185_en.pdf (16 May 2011)

BI Privacy code, Biometrics Institute, Sydney (April 2004) at http://web.archive.org/web/20050424120627/http://www.biometricsinstitute.org/displaycommon.cfm?an=1&subarticlenbr=8

A.J. Blumberg, P. EckersleyOn locational privacy, and how to avoid losing it forever, Electronic Frontier Foundation (August 2009), at https://www.eff.org/wp/locational-privacy

S. Bronitt, Regulating covert policing methods: from reactive to proactive models of admissibility, S. Bronitt, C. Harfield, K. Michael (Eds.), The social implications of covert policing (2010), pp. 9-14

J. Cheng, Franken's location-privacy bill would close mobile-tracking ‘loopholes’, Wired (17 June 2011), at http://www.wired.com/epicenter/2011/06/franken-location-loopholes/

K. Chetty, G.E. Smith, K. Woodbridge, Through-the-wall sensing of personnel using passive bistatic WiFi radar at standoff distances, IEEE Transactions on Geoscience and Remote Sensing, 50 (4) (April 2012), pp. 1218-1226

R. Clarke, Information technology and dataveillance, Communications of the ACM, 31 (5) (May 1988), pp. 498-512, at http://www.rogerclarke.com/DV/CACM88.html

R. Clarke, The digital persona and its application to data surveillance, The Information Society, 10 (2) (June 1994), pp. 77-92, at http://www.rogerclarke.com/DV/DigPersona.html

Clarke R. Privacy and dataveillance, and organisational strategy. In: Proc. I.S. Audit & Control Association (EDPAC'96), Perth, Western Australia; May 1996, at http://www.rogerclarke.com/DV/PStrat.html.

R. Clarke, Submission to the Commonwealth Attorney-General re: ‘a privacy scheme for the private sector: release of key provisions’ of 14 December 1999, Xamax Consultancy Pty Ltd (January 2000) at http://www.anu.edu.au/people/Roger.Clarke/DV/PAPSSub0001.html

R. Clarke, Person-location and person-tracking: technologies, risks and policy implications, Information Technology & People, 14 (2) (Summer 2001), pp. 206-231, at http://www.rogerclarke.com/DV/PLT.html

Clarke R. e-Consent: a critical element of trust in e-business. In: Proc. 15th Bled electronic commerce conference, Bled, Slovenia; June 2002, at http://www.rogerclarke.com/EC/eConsent.html.

R. Clarke, What's ‘privacy’? Xamax Consultancy Pty Ltd (2006), August 2006, at http://www.rogerclarke.com/DV/Privacy.html

R. Clarke, Make privacy a strategic factor – the why and the how, Cutter IT Journal, 19 (11) (2006), at http://www.rogerclarke.com/DV/APBD-0609.html

R. Clarke, Dissidentity: the political dimension of identity and privacy, Identity in the Information Society, 1 (1) (December 2008), pp. 221-228, at http://www.rogerclarke.com/DV/Dissidentity.html

Clarke R. The covert implementation of mass vehicle surveillance in Australia. In: Proc 4th workshop on the social implications of national security: covert policing, April 2009, ANU, Canberra; 2009a, at http://www.rogerclarke.com/DV/ANPR-Surv.html.

Clarke R. A sufficiently rich model of (id)entity, authentication and authorisation. In: Proc. IDIS 2009 – the 2nd multidisciplinary workshop on identity in the Information Society, LSE, 5 June 2009; 2009b, at http://www.rogerclarke.com/ID/IdModel-090605.html.

R. Clarke, A framework for surveillance analysis, Xamax Consultancy Pty Ltd (2009), August 2009, at http://www.rogerclarke.com/DV/FSA.html

R. Clarke, What is überveillance? (And what should be done about it?) IEEE Technology and Society, 29 (2) (Summer 2010), pp. 17-25, at http://www.rogerclarke.com/DV/RNSA07.html

Clarke R. The cloudy future of consumer computing. In: Proc. 24th Bled eConference; June 2011, at http://www.rogerclarke.com/EC/CCC.html.

R. Clarke, M. Wigan, You are where you've been: the privacy implications of location and tracking technologies, Journal of Location Based Services, 5 (3–4) (December 2011), pp. 138-155, http://www.rogerclarke.com/DV/YAWYB-CWP.html

E.B. Cleff, Implementing the legal criteria of meaningful consent in the concept of mobile advertising, Computer Law & Security Review, 23 (2) (2007), pp. 262-269

E.B. Cleff, Effective approaches to regulate mobile advertising: moving towards a coordinated legal, self-regulatory and technical response, Computer Law & Security Review, 26 (2) (2010), pp. 158-169

K. Collier, Stores spy on shoppers, Herald Sun (2011), 12 October 2011, at http://www.heraldsun.com.au/news/more-news/stores-spy-on-shoppers/story-fn7x8me2-1226164244739

K. Collier, Shopping centres' Big Brother plan to track customers, Herald Sun (2011), 14 October 2011, at http://www.heraldsun.com.au/news/more-news/shopping-centres-big-brother-plan-to-track-customers/story-fn7x8me2-1226166191503

K. Collier, ‘Creepy’ path intelligence retail technology tracks shoppers, news.com.au (2011), 14 October 2011, at http://www.news.com.au/money/creepy-retail-technology-tracks-shoppers/story-e6frfmci-1226166413071

F. Dahunsi, B. Dwolatzky, An empirical investigation of the accuracy of location-based services in South Africa, Journal of Location Based Services, 6 (1) (March 2012), pp. 22-34

J. Dobson, P. Fisher, Geoslavery, IEEE Technology and Society, 22 (2003), pp. 47-52, cited in Raper et al. (2007)

Economist, Vehicle data recorders – watching your driving, The Economist (23 June 2012), at http://www.economist.com/node/21557309

J. Edwards, Apple has quietly started tracking iphone users again, and it's tricky to opt out, Business Insider (11 October 2012) at http://www.businessinsider.com/ifa-apples-iphone-tracking-in-ios-6-2012-10

EPIC, Privacy and human rights report 2006, Electronic Privacy Information Center, WorldLII (2006) at http://www.worldlii.org.ezproxy.uow.edu.au/int/journals/EPICPrivHR/2006/PHR2006-Location.html

EPIC, Investigations of Google street view, Electronic Privacy Information Center (2012), at http://epic.org/privacy/streetview/

EU Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

Official Journal, L 201 (2002), 31/07/2002 P. 0037-0047, European Commission, at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML

J. Figueiras, S. Frattasi, Mobile positioning and tracking: from conventional to cooperative techniques, Wiley (2010)

S.J. Fusco, R. Abbas, K. Michael, A. Aloudat, Location-based social networking and its impact on trust in relationships, IEEE Technology and Society Magazine, 31 (2) (Summer 2012), pp. 39-50, at http://works.bepress.com.ezproxy.uow.edu.au/cgi/viewcontent.cgi?article=1326&context=kmichael

Gallagher T et al. Trials of commercial Wi-Fi positioning systems for indoor and urban canyons. In: Proc. IGNSS symposium, Queensland; 1–3 December 2009, cited in Zandbergen (2012).

J.S. Ganz, It's already public: why federal officers should not need warrants to use GPS vehicle tracking devices, Journal of Criminal Law and Criminology, 95 (4) (Summer 2005), pp. 1325-1337

A.A. Gillespie, Covert surveillance, human rights and the law, Irish Criminal Law Journal, 19 (3) (August 2009), pp. 71-79

IBM, IBM smart surveillance system (previous PeopleVision project, IBM Research (30 October 2011), at http://www.research.ibm.com.ezproxy.uow.edu.au/peoplevision/

D.M. Jay, Use of covert surveillance obtained by search warrant, Australian Law Journal, 73 (1) (Jan 1999), pp. 34-36

N.J. King, P.W. Jessen, Profiling the mobile customer – privacy concerns when behavioural advertisers target mobile phones, Computer Law & Security Review, 26 (5) (2010), pp. 455-478, and 2010; 26(6): 595–612

A. Koppel, Warranting a warrant: fourth amendment concerns raised by law enforcement's warrantless use of GPS and cellular phone tracking, University of Miami Law Review, 64 (3) (April 2010), pp. 1061-1089

P. Lewis, Fears over privacy as police expand surveillance project, The Guardian (15 September 2008) at http://www.guardian.co.uk/uk/2008/sep/15/civilliberties.police

B. van Loenen, J. Zevenbergen, J. de JongBalancing location privacy with national security: a comparative analysis of three countries through the balancing framework of the European court of human rights, N.J. Patten, et al. (Eds.), National security: institutional approaches, Nova Science Publishers (2009), [chapter 2]

M. McGuire, K.N. Plataniotis, A.N. Venetsanopoulos, Data fusion of power and time measurements for mobile terminal location, IEEE Transaction on Mobile Computing, 4 (2005), pp. 142-153, cited in Raper et al. (2007)

S. Mann, J. Nolan, B. Wellman, Sousveillance: inventing and using wearable computing devices for data collection in surveillance environments, Surveillance & Society, 1 (3) (June 2003), pp. 331-355, at http://www.surveillance-and-society.org/articles1(3)/sousveillance.pdf

Mautz R. Overview of indoor positioning technologies. Keynote. In: Proc. IPIN'2011, Guimaraes; September 2011, at http://www.geometh.ethz.ch/people/.../IPIN_Keynote_Mautz_2011.pdf.

D. Mery, The mobile phone as self-inflicted surveillance – and if you don't have one, what have you got to hide? The Register (10 April 2009) at http://www.theregister.co.uk/2009/04/10/mobile_phone_tracking/

Michael and Michael, 2007, K. Michael, M.G. Michael, From dataveillance to überveillance and the Realpolitik of the Transparent Society, University of Wollongong (2007) at http://works.bepress.com.ezproxy.uow.edu.au/kmichael/51

K. Michael, M.G. Michael, Innovative automatic identification and location-based services: from bar codes to chip implants, IGI Global (2009)

M.G. Michael, K. Michael, Towards a state of uberveillance, IEEE Technology and Society Magazine, 29 (2) (Summer 2010), pp. 9-16, at, http://works.bepress.com.ezproxy.uow.edu.au/kmichael/187

Michael K, McNamee A, Michael MG, Tootell H., Location-based intelligence – modeling behavior in humans using GPS. In: Proc. int'l symposium on technology and society, New York, 8–11 June 2006; 2006a, at http://ro.uow.edu.au/cgi/viewcontent.cgi?article=1384&context=infopapers.

Michael K, McNamee A, Michael MG. The emerging ethics of humancentric GPS tracking and monitoring. In: Proc. int'l conf. on mobile business, Copenhagen, Denmark. IEEE Computer Society; 2006b, at http://ro.uow.edu.au/cgi/viewcontent.cgi?article=1384&context=infopapers.

M.G. Michael, S.J. Fusco, K. Michael, A research note on ethics in the emerging age of uberveillance, Computer Communications, 31 (6) (2008), pp. 1192-1199, at http://works.bepress.com.ezproxy.uow.edu.au/kmichael/32/

Michael and Masters, 2006, K. Michael, A. Masters, Realized applications of positioning technologies in defense intelligence, H. Hussein Abbass, D. Essam (Eds.), Applications of information systems to homeland security and defense, Idea Group Publishing (2006), at http://works.bepress.com.ezproxy.uow.edu.au/kmichael/2

K. Michael, G. Rose, Human tracking technology in mutual legal assistance and police inter-state cooperation in international crimes, K. Michael, M.G. Michael (Eds.), From dataveillance to überveillance and the realpolitik of the transparent society. 1st ed, University of Wollongong, Wollongong (2007), pp. 241-256.

K. Michael, G. Roussos, G.Q. Huang, R. Gadh, A. Chattopadhyay, S.Prabhu, et al.Planetary-scale RFID services in an age of uberveillance, Proceedings of the IEEE, 98 (9) (2010), pp. 1663-1671

K. Michael, M.G. Michael, R. Abbas, The importance of scenarios in the prediction of the social implications of emerging technologies and services, Journal of Cases on Information Technology (JCIT) 13.2 (2011), pp. i-vii

A. Moses, Google escapes criminal charges for Wi-Fi snooping, The Sydney Morning Herald (6 December 2010) at http://www.smh.com.au/technology/security/google-escapes-criminal-charges-for-wifi-snooping-20101206-18lot.html

NSWLRC Surveillance, Report 108, NSW Law Reform Commission (2005) at http://www.lawlink.nsw.gov.au/lawlink/lrc/ll_lrc.nsf/pages/LRC_r108toc

OAIC. Office of the Australian Information Commissioner; April 2012, at http://www.comlaw.gov.au/Details/F2012L00869/Explanatory%20Statement/Text.

A.A. Otterberg, Note: GPS tracking technology: the case for revisiting Knotts and shifting the Supreme Court's theory of the public space under the fourth amendment, Boston College Law Review, 46 (2005) (2005), pp. 661-704

C. Parenti, The soft cage: surveillance in America from slavery to the war on terror, Basic Books (2003)

PI, Our commitment to privacy, Path Intelligence (2010), heading changed in late 2012 to ‘privacy by design’, at http://www.pathintelligence.com/en/products/footpath/privacy

PI, FootPath technology, Path Intelligence (2010) at http://www.pathintelligence.com/en/products/footpath/footpath-technology

PI Retail, Path Intelligence (2012), at http://www.pathintelligence.com/en/industries/retail

J. Raper, G. Gartner, H. Karimi, C. Rizos, A critical evaluation of location based services and their potential, Journal of Location Based Services, 1 (1) (2007), pp. 5-45

J. Raper, G. Gartner, H. Karimi, C. Rizos, Applications of location-based services: a selected review, Journal of Location Based Services, 1 (2) (2007), pp. 89-111

RE IEEE 802.11 standards tutorial, Radio-Electronics.com (2010), apparently of 2010, at http://www.radio-electronics.com/info/wireless/wi-fi/ieee-802-11-standards-tutorial.php

RE WiMAX IEEE 802.16 technology tutorial, Radio-Electronics.com (2010), apparently of 2010, at http://www.radio-electronics.com/info/wireless/wimax/wimax.php

RE Assisted GPS, A-GPS, Radio-Electronics.com (2012) apparently of 2012, at http://www.radio-electronics.com/info/cellulartelecomms/location_services/assisted_gps.php

Renegar BD, Michael K, Michael MG. Privacy, value and control issues in four mobile business applications. In: Proc. 7th int'l conf. on mobile business; 2008. p. 30–40.

J. Riley, Gov't ‘travesty’ in Google privacy case, ITWire, 20 (Wednesday 3 November 2010), p. 44, at http://www.itwire.com/it-policy-news/regulation/42898-govt-travesty-in-google-privacy-case

I.J. Samuel, Warrantless location tracking, New York University Law Review, 83 (2008), pp. 1324-1352

SHW Skyhook location performance at http://www.skyhookwireless.com/location-technology/performance.php (2012)

Skyhook. (2012). Website entries, including ‘frequently asked questions’ at http://www.skyhookwireless.com/whoweare/faq.php, ‘privacy policy’ at http://www.skyhookwireless.com/whoweare/privacypolicy.php and ‘location privacy’ at http://www.skyhookwireless.com/whoweare/privacy.php.

C. Song, Z. Qu, N. Blumm, A.-L. Barabási, Limits of predictability in human mobility, Science, 327 (5968) (2010), pp. 1018-1021.

A. Stern, Man fired thanks to GPS tracking, Center Networks (31 August 2007), at http://www.centernetworks.com/man-fired-thanks-to-gps-tracking

Stilgherrian, Forget government data retention, Google has you wired, Crikey (2 October 2012), at http://www.crikey.com.au/2012/10/02/forget-government-data-retention-google-has-you-wired/

USGovGPS accuracy, National Coordination Office for Space-Based Positioning, Navigation, and Timing(February 2012), at http://www.gps.gov/systems/gps/performance/accuracy/

VLRC, Surveillance in public spaces, Victorian Law Reform Commission (March 2010), Final report 18, at http://www.lawreform.vic.gov.au/wps/wcm/connect/justlib/Law+Reform/resources/3/6/36418680438a4b4eacc0fd34222e6833/Surveillance_final_report.pdf

D. Wright, M. Friedewald, S. Gutwirth, M. Langheinrich, E. Mordini, R.Bellanova, et al.Sorting out smart surveillance, Computer Law & Security Review, 26 (4) (2010), pp. 343-354

P.A. Zandbergen, Comparison of WiFi positioning on two mobile devices, Journal of Location Based Services, 6 (1) (March 2012), pp. 35-50

Keywords: Location-based systems (LBS), Cellular mobile, Wireless LAN, GPS, Mobile device signatures (MDS), Privacy, Surveillance, Überveillance

Citation: Katina Michael and Roger Clarke, "Location and tracking of mobile devices: Überveillance stalks the streets", Computer Law & Security Review, Vol. 29, No. 3, June 2013, pp. 216-228, DOI: https://doi.org/10.1016/j.clsr.2013.03.004

Innovative Auto-ID and LBS - Chapter One Introduction

This study is concerned with the automatic identification (auto-ID) industry which first came to prominence in the early 1970s. Auto-ID belongs to that larger sector known as information technology (IT). As opposed to manual identification, auto-ID is the act of identifying a living or nonliving thing without direct human intervention. Of course, the process of auto-ID data capture and collection requires some degree of human intervention, but the very act of authenticating or verifying an entity can now be done automatically. An entity can possess a unique code indicating personal identification or a group code indicating conformity to a common set of characteristics. Some of the most prominent examples of auto-ID techniques that will be explored in this book include bar code, magnetic-stripe, integrated circuit (IC), biometric and radio-frequency identification (RFID). The devices in which these techniques are packaged include a variety of form factors such as labels and tags, card technologies, human feature recognition, and implants. 

Read More

Location-Based Services: a vehicle for IT&T convergence

Katina Michael

School of Information Technology & Computer Science, University of Wollongong, Wollongong, Australia

Full Citation: Katina Michael, 2004, Location-Based Services: A Vehicle for IT&T Convergence, in eds. K. Cheng, D. Webb, and R. Marsh, Advances in e-Engineering and Digital Enterprise Technology, Professional Engineering Publishing United, London, UK.

* This chapter was a conference paper in the Proceedings of the Fourth International Conference on e-Engineering and Digital Enterprise Technology (e-ENGDET), Leeds Metropolitan University, UK, 1-3 September 2004. Supported by IMechE, IEE, EPSRC.

 

Synopsis

Location-based services (LBS), more than any other mobile commerce application area has served to bring together information technology and telecommunications (IT&T) industries. While much has been written on the potential of LBS, literature on how it is a catalyst for digital convergence is scant. This paper identifies and explores the various levels of converging technologies in mobile commerce by using three LBS case studies. Through literal replication the findings indicate that IT&T technologies are converging at the infrastructure, appliance and application level. It is predicted that mCommerce applications will increasingly rely on industry convergence to achieve their desired outcomes.

1 Introduction

Location-Based Services (LBS) is a branch of m-Commerce that has revolutionised the way people communicate with others or gather timely information based on a given geographic location. Everything living and non-living has a location on the earth’s surface, a longitude and latitude coordinate that can be used to provide a subscriber with a wide range of value added services (VAS). Subscribers can use their mobile phone, personal digital assistant (PDA) or laptop to find information relating to their current location. Typical LBS consumer applications include roadside assistance, who is nearest, where is, and personal navigation. LBS business applications differ in their focus and many are linked to core business challenges such as optimising supply chain management (SCM) and enhancing customer relationship management (CRM). Some of the more prominent LBS business applications include: fleet management (incorporating vehicle navigation), property asset tracking (via air, ship and road) and field service personnel management (i.e. people monitoring). The emergency services sector in the United States (US) was responsible for driving the first pin-point location service, demonstrating to the world the potentially life-saving functionality of the technology. As of October 2003, the Federal Trade Commission (FTC) enforced that wireless operators provide the Automatic Location Identification (ALI) of a caller to the emergency dispatcher. ALI standards designate that more than two-thirds of emergency calls received require the location of the individual to be accurate to within 50 metres, and 95 per cent of calls to within 150 metres. The technology is available for potential mass market deployment, how feasible it is however is a separate issue altogether. This paper provides an overview of the devices, applications and technologies used by three companies that offer LBS applications. The overall aim is to show the current state of development in leading edge LBS product innovations and to demonstrate that LBS have served to bring together information technology and telecommunications (IT&T) industries. The first section of the paper reviews previous literature and develops an analytical framework for the investigation; second each LBS product innovation will be examined; and third a discussion on the high-level effects LBS has had on IT&T convergence ensues.


2 Literature Review


2.1 Who, what, when, where & wi-fi?

The evolution of mobile location-based services has been well documented in a paper by Rao and Minakakis (1). This article summarises the platforms, technologies and standards of mobile LBS and does well to differentiate between the various techniques that can be used to determine an accurate location of an object or individual. These techniques include: cell identifier (cell ID), global positioning systems (GPS), assisted global positioning system (aGPS), and the broadband satellite network. Zeimpekis et al. (2) go into more explicit detail about each of these and identify a whole range of indoor and outdoor positioning techniques categorising these into “self positioning” and “remote positioning”. It should also be noted that location technologies can be classified as either handset-based or network-based. Cousins and Varshney (3) provide a brief overview of the location framework required for mobile location services whereas Varshney (4) goes into greater depth for each element in the framework. Balatseng and Hanrahan (5) specifically use the Global System for Mobile (GSM) to describe the logical architecture required to support mobile station positioning. Maass (6) can be credited with an implementation-level paper on location-aware mobile applications based on directory services. Varshney’s (4) paper however stands out from the rest of the literature in that he makes the important connection between the type of service offering and the level of accuracy required. He also includes the wireless LAN (wi-fi) network in the location management architecture, instituting radio frequency identification (RFID) as a significant technology embedded in the LBS framework.

In terms of target markets for LBS, Rao and Minakakis (1) identify three target markets including the consumer, niche consumer/ business, and industrial/ corporate. Cousins and Varshney (3) also separate state-driven applications from those that are business driven which is important when discussing the overall capabilities (present and future) of LBS (7). Typical services specified by most authors range from mapping, directory services, shopping, alerting, SCM, CRM, intelligent transportation, emergency and e-health. These can be applied in any given scenario- Business-to-Consumer (B2C), Business-to-Business (B2B) and even Citizen-to-Government (C2G) relationships. Interestingly the work of Burak and Sharon (8) on FriendZone is among the few analysing usage of a single LBS commercial application. The distinction between push and pull services is also important (4). The FriendZone service is a ‘push’ mode of operation allowing a subscriber to locate friends and acquaintances nearby, whereas checking on the next movie showing closest to a location is an example of a ‘pull’ mode of operation. Some of the more common revenue business models for LBS services include the traditional subscription-based model, pay-per-view, micropayments and application service provider (ASP) facilitator (1).

2.2 The gap in the literature

The gap in the literature is two-fold. First, a paper needs to be written showcasing cutting edge LBS product innovations that reveal the current state of development. A lot of sensational material exists in the popular media about what is possible with LBS but a candid view of billable applications that are being offered now is required. Second, a look at how LBS is spurring on convergence at various levels within IT&T needs to be demonstrated. Traditional telephone companies are no longer the typical service providers (SPs). New business models are changing the rules of engagement between established companies and new entrants who are looking for niche markets. The definite move toward a packet-based solution using Internet Protocol (IP) is also blurring the line between the once easily identifiable carrier-grade applications and enterprise-level offerings. The need to reduce the time-to-market (TTM) for opportune LBS was exemplified during the SARS outbreak in 2003. Hong Kong mobile telephone operator, Sunday, rapidly developed and launched an application that warned subscribers via short message service (SMS) about buildings with confirmed or suspected SARS cases within approximately one kilometre radius of their location.

3 Methodology

The research approach for this paper is exploratory. Multiple case studies will be used to gather evidence to satisfy the two main objectives stated above. The main unit of analysis is the product innovation, and the sub-unit of analysis is the LBS technology used to implement that product innovation. Three US companies have been chosen for this study, each with billable LBS market applications. AT&T Wireless (www.attwireless.com), Wherify Wireless (www.wherifywireless.com) and Applied Digital Solutions (www.adsx.com) offer product innovations that represent the diverse ways that LBS applications can be implemented. The case study protocol is composed of the following questions: What is the product innovation? What are the LBS applications the company can support? When were the company’s LBS services officially launched? Who is the target market? What kind of device(s) is/ are being used by the subscriber? What are the subscriber pricing plans (i.e. connection, monthly, usage fees)? Is it a carrier-grade or enterprise-level application? What is the level of accuracy when locating a subscriber? What do the LBS services require in terms of IT&T? It is the latter question that pertains to showing that LBS is a catalyst to IT&T convergence. In citing Kampas, Chen (9) provides a high-level framework for possible convergence at three separate layers occurring at the infrastructure, appliance and application levels. Chen also describes the notion of “colliding industries” including the communication, electronics, computing and information/ entertainment sectors.

The data gathered by the researcher will be drawn completely from information provided on the company web sites published between the period of April 2002 and April 2004. The online documentation reviewed will typically include: company background, product briefs, application user guides, technical specifications and press releases. In this manner, the method of investigation can be considered wholly e-research (10). External validity is ensured given that the companies are registered on the New York Stock Exchange and must provide factual content to their present and potential subscriber base. The possibility of researcher bias is minimised in this paper given its intent is not to prove that one service is better than another, but to document the current state of development.

4 Case Studies

4.1 Product innovations

4.1.1 The versatile mMode

AT&T Wireless was the first mobile carrier to launch m-Commerce applications in the US in July 2001. Following the success of NTT Docomo’s i-mode and c-mode in Japan, mMode provided a value-added data-centric package to AT&T’s voice and SMS basic plans. Subscribers to mMode can use numerous devices to communicate including IP-enabled phones, PDAs, handhelds and even vertical devices such as the Panasonic Toughbook and Microslate Sidearm. The service is carrier-grade and is based on a GSM network architecture that uses new network elements, namely the Gateway Mobile Location Centre (GMLC), Serving Mobile Location Centre (SMLC), and the Location Measurement Unit (LMU). AT&T Wireless is now rolling out the general packet radio service (GPRS) network and EDGE technology, increasing bandwidth by targeting specific coverage areas as demand increases and it becomes economically justifiable to do so. The accuracy of the specific location-based applications is dependent upon the general location of the mobile transmission tower most recently contacted by the customer’s device. For example, the IP device could be right next to a tower or some fifteen kilometres away. In metropolitan areas the accuracy is greater given the number of base transceiver stations is higher than in less urbanised areas.

4.1.2 The wrist-worn GPS Personal Locator

mMode’s location identification is not pin-point such as in the Wherify Personal Locator solution that is based on a combination of GPS satellites and code division multiple access (CDMA) PCS network triangulation methods. The Personal Locator wrist-worn device is accurate within 30 metres of the wearer, possibly even as close as a metre. The GPS device can be controlled by both the subscriber and individual wearer, allowing the parent subscriber to track the wearer, and for the wearer to alert the parent subscriber and/or location centre headquarters in case of an emergency. Coverage is available throughout the US given the GPS capability but is dependent on the PCS network coverage footprint. The Wherify frequently-asked-questions (FAQs) page (11) states: “[i]f a GPS signal is received, but the Locator is outside the digital wireless coverage area or does not receive a digital wireless signal, no location report will be provided. If the Locator receives a digital wireless signal, but no GPS signal is available, a CDMA tower-based location report will be available for emergencies.” On December 30th 2003, Wherify unveiled its new GPS Universal Locator Phone which is targeted at all age groups of both the consumer and business market.

4.1.3 The VeriChip implant

While mMode requires the subscriber to carry a device, and the Personal Locator requires an individual to wear a device, VeriChip is radical in that it requires the subscriber to be implanted with a microchip (see table 1 for a comparison list of attributes). The campaign to Get Chipped was launched in early 2003, and the first person to do so formally was implanted in September of that year. The chipping procedure only lasts a few minutes. There are a number of Veri centres where the procedure can take place in the US and internationally. There is even a high-tech ChipMobile bus fully equipped to perform the implant procedure, ‘on the road’. Applied Digital Solutions (ADSX) initially invested heavily in another product they called the Digital Angel in 2002, which resembled the Personal Locator solution but aimed at a broader market base than just children. The Digital Angel wristwatch was more slim-line but required the user to carry an additional wallet with battery power. While remnants of the Digital Angel web site are still operational today, it is the VeriChip which has become the flagship product of the VeriChip Corporation (a subsidiary of ADSX). About the size of a grain of rice, the VeriChip is the world’s first subdermal radio-frequency identification (RFID) microchip. According to an ADSX press release (12): “[t]he standard location of the microchip is in the triceps area between the elbow and the shoulder of the right arm.” In theory an implantee could be identified in a wi-fi network, such as in a workplace or university campus. Whereas GPS has limitations in-building locations due to construction materials used, RFID thrives in a local area network (LAN) setting, allowing walkways and door entries to act as scanners. RF energy from the scanner triggers the dormant VeriChip and in turn sends out a signal containing the unique verification number. The exchange of data is transparent and seamless in the case of RFID, there is no need to physically stop to verify a biometric feature- the network is ubiquitous. In another scenario, an individual could be identified by the RFID implant, giving emergency services access to the implantee’s medical data and history that could be potentially life-saving. Unlike other fixed services, m-Commerce applications grant the subscriber access to services twenty-four hours a day, seven days a week. In the case of the VeriChip it is not only “always on” but “ever-present” inside the body of the subscriber. Unlike physical biometric attributes, the VeriChip is inconspicuous to the naked eye.

Table 1 LBS product innovations and their attributes

Table 1 LBS product innovations and their attributes

 

4.2 LBS applications

4.2.1 “My mMode: this time it's personal”

mMode is heavily oriented towards the consumer market, although AT&T Wireless also offer package deals to business users specifically for the purposes of email (plus attachments), web access, and remote access. mMode was marketed as the beginning of mLife, next generation services that ‘one could not live without’ (13). Among its mCommerce suite that includes news, music and finance services are a number of LBS solutions (a list of these can be found in table 2). mMode’s LBS applications are diverse- everything from a mobile traffic report to directions ‘to the nearest’ and find people nearby (14). Some of the more creative LBS are chat and date, and travel and dining. There are four plans subscribers can choose from including: mini, mega, max and ultra. The plans are charged monthly ranging from $2.99 to $19.99 USD and include a limited megabytes (MB) download. Additional usage fees are charged at between 2c and 0.6c per extra kilobyte (KB) received or sent, dependent on the plan. These fees do not include voice calls and SMS. The mMode service is bundled allowing the subscriber maximum personalisation to choose from any application they require. The myMode web site allows the subscriber to customise their preferences and settings.

4.2.2 Personal Locator “Just For Kids”

In contrast to AT&T Wireless, Wherify strategically chose to enter the market with a niche LBS application for a Personal Locator Just For Kids, specifically targeted at parents of children between the age of four and twelve. The device previously cost $399 USD but was recently slashed for a “back to school special” to $199. Monthly plans for the LBS application range from an average of $19.95 to $44.95 dependent on the plan chosen (liberty, independence or freedom). There is a one-time activation fee of $35 USD plus usage fees related to additional page requests above the included locates, additional operator assistance calls and subsequent emergency calls. Wherify makes it clear that it is looking to diversify to other niche applications including Alzheimer’s and law enforcement, even though the Locator for Kids is the only marketable application demoed on the web site at the present time (15).

Table 2- Present and future LBS applications as stated on the company web site

Table 2- Present and future LBS applications as stated on the company web site

4.2.3 “Get Chipped” with VeriChip: “technology that cares”

There is little information on the ADSX web site about the pricing of the VeriChip, however it is stated that the global VeriChip subscriber (GVS) registry subscription fee is $9.95 USD monthly. There is a cost for the implant medical procedure as well, although this is not provided. In 2002 the first one hundred pre-registered persons were granted a $50 USD discount on the chipping procedure (16). The pricing for the new VeriPay and VeriGuard services has yet to be published on the WWW and probably will not be given these are typically targeting business-to-business-to-consumer (B2B2C) solutions which are highly complex in design. The “Trusted Traveller” and residential security programs (i.e., prisoners serving their sentence from home) are two examples of VeriGuard LBS applications. One desirable feature of VeriGuard is that it could operate in conjunction with other auto-ID technologies like smart cards and biometrics, rendering customer legacy systems reusable.

4.4 Information technology and telecommunications (IT&T) requirements


4.4.1 mMode: how does it work?

Using the “find people nearby” service, the GSM/ GPRS network works as follows to determine a subscriber’s approximate location. An application request is made by a subscriber. The application server subsequently makes a location request to the gateway mobile location centre (GMLC). The GMLC in turn queries the home location register (HLR) and then contacts the appropriate mobile switching centre (MSC). Another location request is generated to identify the base station controller (BSC) where the mobile is currently using the serving mobile location centre (SMLC). The BSC then can use the location measurement unit (LMU) alongside the appropriate base transceiver stations (BTS) to determine the location of the subscriber by using the uplink time distance of arrival (UTDOA). The location information is then sent back via the above-mentioned pieces of hardware/ software until the message reaches the application server and a response is given to the subscriber. The AT&T Wireless web site provides an excellent facility to aid external developers of mobile solutions (17). Freely available for download are whitepapers, style guides, software development kits (SDK), programming guides, sample code and emulators. In table 3 can be found the major building blocks of the mMode technical solution.

Table 3. The mMode Building Blocks

Table 3. The mMode Building Blocks

AT&T Wireless differs significantly from Wherify and Applied Digital Solutions, given it owns much of its network infrastructure. AT&T Wireless also has a large existing customer base that is used to an excellent quality of service (QoS) and certain level of post sales support. Launching LBS applications nation-wide with potentially tens-of-thousands of new subscribers joining daily, requires equipment that can handle data traffic levels and systems that have been thoroughly tested for faults. mMode contains diverse LBS services- ensuring that each of these works properly and is interoperable with a range of media devices is a labour-intensive activity which is one reason why they have decided to outsource as well.

4.4.2 Personal Locator: all the bits and pieces

Wherify’s location service centre (LSC) is at the heart of its current and pending product innovations. A carrier-class server and software hub, the LSC manages and presents location-based information. Unlike mMode, Wherify utilises wireless data and aGPS. Consider the following scenario where a parent wants to be reassured that their child made it to school alright after missing the bus. The parent requests a location report via the Internet using a Microsoft IE browser (or ringing the toll-free telephone number). The LSC contacts the child’s Personal Locator via the PCS network (if within the footprint), and then downloads the current GPS data and requests a location. Using the data from the LSC, the device that is identified by an electronic serial number (ESN), finds the closest satellite and then computes the longitude and latitude coordinates of the child’s location. The Personal Locator then communicates location information to the LSC and the LSC generates a location report for the parent via the Internet. The whole process from request to report takes about sixty seconds. The parent is able to look at the report visually on a scalable map which shows streets and other feature points in a vector or aerial view, using geographic information systems (GIS) capabilities. Each report requested by the parent is logged in the customer’s event file database for billing and subscriber profiling. The location database includes a time stamp along with the longitude/ latitude coordinates. The wearer’s profile is also stored including: age, gender, height, weight and features.

Wherify make no secret of their technology partners. They include an impressive list of companies: SiRF who provide the GPS chipset that is integrated into the Personal Locator based on a-GPS; Qualcomm for the CDMA chipset; Baldwin Hackett & Meeks who are applications developers, Conexant who provide the RF board; Advanced Micro Systems who specialise in flash memory; Compaq for the server technology; Intrado for emergency communications; and GlobeXplorer Online for the component of aerial photography. Security firewalls are paramount in the Personal Locator system as is redundancy and fault tolerance. During an emergency situation for instance, the LSC is even able to interact with public safety answering points (PSAP) through Wherify’s emergency operation service. There are customer care representatives available 24x7x365.

4.4.3 VeriChip made very easy

The least complex of the three case studies in terms of technology requirements is the VeriChip. RFID networks are usually small in scale when compared to nation-wide or global networks. They include the following components: the RFID transponder, a reader that captures information, an antenna that transmits information, and a computer which interprets or manipulates the information gathered. In the case of VeriChip, there is a requirement that each subscriber registers their personal details (and other relevant information they desire) on the GVS database. At this stage all the transponders issued by VeriChip are passive but it is likely that active transponders will be issued in the future, despite the fact that they require on-board battery power to operate internal electronics. When an individual passes an associated scanner, information is read and sent to the computer via an antenna. Dependent on the application, a log may be retained or the implantee’s location updated a predefined number of times in a set period. Given global standards are an issue for debate in RFID, proprietary systems are used.

5. Discussion


5.1 Defining Convergence

Convergence means different things to different people and is usually loosely applied to denote the coming together of two distinct technologies, i.e. the merging of several products into a single good. The 2003 Penguin Concise Dictionary states that convergence is a “jargon term” and gives examples of the merging of the television (TV) and computer, or telephone and computer, or TV and WWW. To anyone who has studied technological trajectories at any length, convergence is far from being a jargon term, but a well-constituted concept in the field of innovation (18, 19, 20). Terms like “digital convergence”, “technological convergence”, “application convergence” and “industry convergence” have been used interchangeably in some instances, and in others each has carried a loaded meaning. For example, Covell (18) states: “(d)igital convergence is the merging of these improved computing capabilities, new digital multimedia technologies and content, and new digital communications technologies. This combination of computing power and functionality, digital networked interconnectedness, and multimedia capability enables new forms of human interaction, collaboration, and information sharing.” Greenstein and Khanna (20) on the other hand, distinguish between “convergence in substitutes” and “convergence in complements”. The distinction of these ‘kinds’ of convergence finally puts an end to the debate over usage. Convergence thus can occur at any level of detail, in any part of the subsystem.

5.2 LBS: a catalyst for IT&T convergence

Throughout this paper, technologies at the appliance, application and infrastructure level have been shown for each of the LBS cases. What can be seen is a coming together of what were once somewhat unrelated technologies. Most obvious perhaps is the convergence of wireless capabilities and the Internet as depicted in the mMode case. For example, IP-based phones can already receive voice, text and multimedia. And as for the vertical devices mentioned, many of these are converged technologies in themselves (e.g. the wireless PDA that is also a phone and MPEG3 player). In the case of Wherify, the traditional wristwatch has now been turned into a Personal Locator with the aid of a GPS chipset. And chip implants have found there way under the skin of human beings to converge with living tissue- chips once as big as bricks, now smaller in size than a grain of rice.

Yet it is not only at the device level that convergence is occurring. A whole suite of new applications are being created using content from syndicates, once considered to be unrelated. The Yellow Pages directory for instance, used to “find the nearest”, or “the best 10 nightlife” locations as well as providing “shopping discount alerts”. And geographic information systems once used for computer-aided design (CAD), now used to visually represent the geographic location trail of a child, using high resolution aerial photography once synonymous with superior defence intelligence systems. There are even applications like VeriPay that are forecasted to change the way that humans interact with other technologies like automatic teller machines (ATMs). Who needs to carry a card at all? Applications once used solely for businesses purposes, now permeating the consumer market given their cross-functional nature.

At the infrastructure level also, multiple network technologies are being used in tandem to locate subscribers including PCS with aGPS. Another example provided, was the VeriGuard system that will have the capability to incorporate other automatic identification (auto-ID) reader equipment belonging to smart card and biometrics. Even at the protocol level, the very essence of traditional voice calls will be packetised, i.e. voice will be data. It is obvious through the evidence provided in this paper that convergence in complements is occurring, given the products are working better together than separately (20). LBS has shown itself to also involve a diverse range of businesses from vertical and horizontal industries- from independent software vendors (ISVs) developing the applications, to third party suppliers building enabling technologies and platforms, toindustry bodies setting the appropriate standards for communications, to marketing consultants invited to develop and spearhead brand awareness campaigns. LBS brings not only the industries but the technologies to increasingly work together to form larger and larger systems (20).

6 Conclusion

Location-based services are pulling together a vast array of digital technologies like never before. The convergence between technologies is a cultural-changing force. Miniaturisation in design in particular is allowing for once separate technologies to be fused. From handset phones to smart watches to implants, the more invasive the technologies are becoming, the greater the precision for locating the subscriber or wearer or implantee. The question now, that all this technology can be used in an integrated fashion, is how far will entrepreneurs take LBS in the future? How many different players can become involved in offering LBS specifically before the state of affairs becomes too cluttered and confused? Do content providers reach mutually exclusive agreements with service providers (SPs) so that there is minimal conflict of interest? And if so, does this not limit the number of SPs to a few large players that can actually deliver LBS? And how many different types of LBS can one service provider practically offer? Looking at the dilemma from another perspective- will consumers require subscription to mMode, the Personal Locator and the VeriChip solution and carry with them a PDA, wear a GPS watch and be implanted with a chip, to circumvent a variety of limitations of each technology? Or are future directions set on a trajectory of even greater convergence proportions between all of the technologies discussed in this paper. For instance, will one device be able to cater for the needs at each level of accuracy- global, national, regional, local and in-building or will service providers amalgamate their networks to offer super-LBS services from satellite-based to network-based to LAN-based and PAN-based. Whatever the outcome, we are surely entering into a period where pervasive computing will become a dominant force in the way we live, work, and interact with one another.

7 References

(1) B. Rao & L. Minakakis, 2003, “EVOLUTION of Mobile Location-Based Services”, Communications of the ACM, 46(12), December, pp. 61-65.

(2) V. Zeimpekis et al., 2003, “A Taxonomy of Indoor and Outdoor Positioning Techniques for Mobile Location Services”, Journal of ACM SIGecom Exchanges, 3(4), pp. 19-27.

(3) K. Cousins & U. Varshney, 2001, “A Product Location Framework for Mobile Commerce Environment”, Proc. ACM 1st International Conference on Mobile Commerce, pp. 43-47.

(4) U. Varshney, 2003, ‘Location Management for Mobile Commerce Applications in Wireless Internet Environment’, ACM Transactions on Internet Technology, 3(3), August, pp. 236-255.

(5) O.E. Balatseng & H.E. Hanrahan, 2002, ‘MS Positioning for the Support of Mobile Location Services’, [http://www.ee.wits.ac.za/~comms/output/satnac02/balatseng.doc, 2004].

(6) H. Maass, 1998, ‘Location-aware Mobile Applications Based on Directory Services’, Mobile Networks and Applications, 3, pp. 157-173.

(7) H.M. Deitel et al., 2001, e-Business and e-Commerce for Managers, Prentice Hall, New Jersey, p. 168-170.

(8) A. Burak & T. Sharon, 2003, ‘Analysing Usage of Location Based Services’, CHI 2003: New Horizons, April 5-10, Florida, USA, pp. 970-971.

(9) S. Chen, 2001, Strategic Management of e-Business, John Wiley and Sons, New York, pp. 5-7.

(10) T. Anderson & H. Kanuka, 2003, E-research: methods, strategies, and issues, Allyn and Bacon, Boston.

(11) Wherify, 2004, “Frequently Asked Questions”, Wherify Wireless, [http://www.wherifywireless.com/faq.asp, Last Accessed: 15 April 2004].

(12) ADSX, 21 November 2003, “Applied Digital Solutions’ CEO Announces “VeriPay™” Secure Subdermal Solution for Payment and Credit Transactions at ID World 2003 in Paris”, Applied Digital Solutions, [http://www.adsx.com/news/2003/112103.html, Last Accessed: 15 April 2004].

(13) B. McDonough, 17 April 2002, “AT&T Wireless Pushes mLife with mMode”, CIO Today, [http://cio-today.newsfactor.com/perl/story/17307.html, Last Accessed: 6 April 2004].

(14) AT&T, 2003, “Feature and Services User Guide”, AT&T Wireless, [http://www.attwireless.com/personal/features/mmode/mmode_guide.jhtml, Last Accessed: 15 April 2004], pp. 1-39.

(15) Wherify, 2003, “Wherify Wireless GPS Locator For Kids”, Wherify Wireless, [http://www.wherifywireless.com/prod_watches.htm, Last Accessed: 15 April 2004], pp. 1-120.

(16) ADSX, 2003, “Implantable Personal Verification Systems”, Applied Digital Solutions, [http://www.adsx.com/prodservpart/verichip.html, Last Accessed 15 April 2004], pp. 1-2.

(17) AT&T, 2003, “Developer Tools”, AT&T Wireless, [http://www.attwireless.com/ developer/tools/, Last Accessed: 15 April 2004].

(18) A. Covell, 2000, Digital Convergence: how the merging of computers, communications, and multimedia is transforming our lives, Aegis Publishing Group, Rhode Island, p. 14.

(19) T.F. Baldwin et al., 1996, CONVERGENCE: integrating media, information & communication, Sage Publications, California, p. 209.

(20) S. Greenstein & T. Khanna, 1997, “What Does Industry Convergence Mean?” in D.B. Yoffie (ed.), Competing in the Age of Digital Convergence, Harvard Business School Press, USA, pp. 204.

8 Acknowledgements

The author is currently involved in collaborative work with Nortel Networks on the theme of the Mobile Location Centre (MLC).