Location and Tracking of Mobile Devices

Location and Tracking of Mobile Devices: Überveillance Stalks the Streets

Review Version of 7 October 2012

Published in Computer Law & Security Review 29, 3 (June 2013) 216-228

Katina Michael and Roger Clarke **

© Katina Michael and Xamax Consultancy Pty Ltd, 2012

Available under an AEShareNet  licence or a Creative Commons  licence.

This document is at http://www.rogerclarke.com/DV/LTMD.html

Abstract

During the last decade, location-tracking and monitoring applications have proliferated, in mobile cellular and wireless data networks, and through self-reporting by applications running in smartphones that are equipped with onboard global positioning system (GPS) chipsets. It is now possible to locate a smartphone-user's location not merely to a cell, but to a small area within it. Innovators have been quick to capitalise on these location-based technologies for commercial purposes, and have gained access to a great deal of sensitive personal data in the process. In addition, law enforcement utilise these technologies, can do so inexpensively and hence can track many more people. Moreover, these agencies seek the power to conduct tracking covertly, and without a judicial warrant. This article investigates the dimensions of the problem of people-tracking through the devices that they carry. Location surveillance has very serious negative implications for individuals, yet there are very limited safeguards. It is incumbent on legislatures to address these problems, through both domestic laws and multilateral processes.

Contents

1. Introduction

Personal electronic devices travel with people, are worn by them, and are, or soon will be, inside them. Those devices are increasingly capable of being located, and, by recording the succession of locations, tracked. This creates a variety of opportunities for the people concerned. It also gives rise to a wide range of opportunities for organisations, at least some of which are detrimental to the person's interests.

Commonly, the focus of discussion of this topic falls on mobile phones and tablets. It is intrinsic to the network technologies on which those devices depend that the network operator has at least some knowledge of the location of each handset. In addition, many such devices have onboard global positioning system (GPS) chipsets, and self-report their coordinates to service-providers. The scope of this paper encompasses those already-well-known forms of location and tracking, but it extends beyond them.

The paper begins by outlining the various technologies that enable location and tracking, and identifies those technologies' key attributes. The many forms of surveillance are then reviewed, in order to establish a framework within which applications of location and tracking can be characterised. Applications are described, and their implications summarised. Controls are considered, whereby potential harm to the interests of individuals can be prevented or mitigated.

2. Relevant Technologies

The technologies considered here involve a device that has the following characteristics:

  • it is conveniently portable by a human, and
  • it emits signals that:
    • enable some other device to compute the location of the device (and hence of the person), and
    • are sufficiently distinctive that the device is reliably identifiable at least among those in the vicinity, and hence the device's (and hence the person's) successive locations can be detected, and combined into a trail

The primary form-factors for mobile devices are currently clam-shape (portable PCs), thin rectangles suitable for the hand (mobile phones), and flat forms (tablets). Many other form-factors are also relevant, however. Anklets imposed on dangerous prisoners, and even as conditions of bail, carry RFID tags. Chips are carried in cards of various sizes, particularly the size of credit-cards, and used for tickets for public transport and entertainment venues, aircraft boarding-passes, toll-road payments and in some countries to carry electronic cash. Chips may conduct transactions with other devices by contact-based means, or contactless, using radio-frequency identification (RFID) or its shorter-range version near-field communication (NFC) technologies. These capabilities are in credit and debit cards in many countries. Transactions may occur with the cardholder's knowledge, with their express consent, and with an authentication step to achieve confidence that the person using the card is authorised to do so. In a variety of circumstances, however, some and even all of those safeguards are dispensed with. The electronic versions of passports that are commonly now being issued carry such a chip, and have an autonomous communications capability. The widespread issue of cards with capabilities uncontrolled by, and in many cases unknown to, the cardholder, is causing consternation among segments of the population that have become aware of the schemes.

Such chips can be readily carried in other forms, including jewellery such as finger-rings, and belt-buckles. Endo-prostheses such as replacement hips and knees and heart pacemakers can readily carry chips. A few people have voluntarily embedded chips directly into their bodies for such purposes as automated entry to premises (Michael & Michael 2009).

In order to locate and track such devices, any sufficiently distinctive signals may in principle suffice. See Raper et al. (2007a) and Mautz (2011). In practice, the signals involved are commonly those transmitted by a device in order to take advantage of wireless telecommunications networks. The scope of the relevant technologies therefore also encompasses the signals, devices that detect the signals, and the networks over which the data that the signals contain are transmitted.

In wireless networks, it is generally the case that the base station or router needs to be aware of the identities of devices that are currently within the cell. A key reason for this is to conserve limited transmission capacity by sending messages only when the targeted device is known to be in the cell. This applies to all of:

  • cellular mobile originally designed for voice telephony and extended to data (in particular those using the '3G' standards GSM/GPRS, CDMA2000 and UMTS/HSPA and the '4G' standard LTE)
  • wireless local area networks (WLANs, commonly Wifi / IEEE 802.11x - RE 2010a)
  • wireless wide area networks (WWANs, commonly WiMAX / IEEE 802.16x - RE 2010b).

Devices in such networks are uniquely identified by various means (Clarke & Wigan 2011). In cellular networks, there is generally a clear distinction between the entity (the handset) and the identity it is adopting at any given time (which is determined by the module inserted in it). Depending on the particular standards used, what is commonly referred to as 'the SIM-card' is an R-UIM, a CSIM or a USIM. These modules store an International Mobile Subscriber Identity (IMSI), which constitutes the handset's identifier. Among other things, this enables network operators to determine whether or not to provide service, and what tariff to apply to the traffic. However, cellular network protocols may also involve transmission of a code that distinguishes the handset itself, within which the module is currently inserted. A useful generic term for this is the device 'entifier' (Clarke 2009b). Under the various standards, it may be referred to as an International Mobile Equipment Identity (IMEI), ESN, or MEID.

In Wifi and WiMAX networks, the device entifier may be a processor-id or more commonly a network interface card identifier (NIC Id). In various circumstances, other device-identifiers may be used, such as a phone-number, or an IP-address may be used as a proxy. In addition, the human using the device may be directly identified, e.g. by means of a user-accountname.

A WWAN cell may cover a large area, indicatively of a 50km radius. Telephony cells may have a radius as large as 2-3 km or as little as a hundred metres. WLANs using Wifi technologies have a cell-size of less than 1 hectare, indicatively 50-100 metres radius, but in practice often constrained by environmental factors to only 10-30 metres.

The base-station or router knows the identities of devices that are within its cell, because this is a technically necessary feature of the cell's operation. Mobile devices auto-report their presence 10 times per second. Meanwhile, the locations of base-stations for cellular services are known with considerable accuracy by the telecommunications providers. And, in the case of most private Wifi services, the location of the router is mapped to c. 30-100 metre accuracy by services such as Skyhook and Google Locations, which perform what have been dubbed 'war drives' in order to maintain their databases - in Google's case in probable violation of the telecommunications interception and/or privacy laws of at least a dozen countries (EPIC 2012).

Knowing that a device is within a particular mobile phone, WiMAX or Wifi cell provides only a rough indication of location. In order to generate a more precise estimate, within a cell, several techniques are used (McGuire et al. 2005). These include the following (adapted from Clarke & Wigan 2011. See also Figueiras & Frattasi 2010):

  • directional analysis. A single base-station may comprise multiple receivers at known locations and pointed in known directions, enabling the handset's location within the cell to be reduced to a sector within the cell, and possibly a narrow one, although without information about the distance along the sector;
  • triangulation. This involves multiple base-stations serving a single cell, at known locations some distance apart, and each with directional analysis capabilities. Particularly with three or more stations, this enables an inference that the device's location is within a small area at the intersection of the multiple directional plots;
  • signal analysis. This involves analysis of the characteristics of the signals exchanged between the handset and base-station, in order to infer the distance between them. Relevant signal characteristics include the apparent response-delay (Time Difference of Arrival - TDOA, also referred to as multilateration), and strength (Received Signal Strength Indicator - RSSI), perhaps supplemented by direction (Angle Of Arrival - AOA).

The precision and reliability of these techniques varies greatly, depending on the circumstances prevailing at the time. The variability and unpredictability result in many mutually inconsistent statements by suppliers, in the general media, and even in the technical literature.

Techniques for cellular networks generally provide reasonably reliable estimates of location to within an indicative 50-100m in urban areas and some hundreds of metres elsewhere. Worse performance has been reported in some field-tests, however. For example, Dahunsi & Dwolatzky (2012) found the accuracy of GSM location in Johannesberg to be in the range 200-1400m, and highly variable, with "a huge difference between the predicted and provided accuracies by mobile location providers".

The web-site of the Skyhook Wifi-router positioning service claims 10-metre accuracy, 1-second time-to-first-fix and 99.8% reliability (SHW 2012). On the other hand, tests have resulted in far lower accuracy measures, including an average positional error of 63m in Sydney (Gallagher et al. 2009) and "median values for positional accuracy in [Las Vegas, Miami and San Diego, which] ranged from 43 to 92 metres ... [and] the replicability ... was relatively poor" (Zandbergen 2012, p. 35). Nonetheless, a recent research article suggested the feasibility of "uncooperatively and covertly detecting people 'through the wall' [by means of their WiFi transmissions]" (Chetty et al. 2012).

Another way in which a device's location may become known to other devices is through self-reporting of the device's position, most commonly by means of an inbuilt Global Positioning System (GPS) chip-set. This provides coordinates and altitude based on broadcast signals received from a network of satellites. In any particular instance, the user of the device may or may not be aware that location is being disclosed.

Despite widespread enthusiasm and a moderate level of use, GPS is subject to a number of important limitations. The signals are subject to interference from atmospheric conditions, buildings and trees, and the time to achieve a fix on enough satellites and deliver a location measure may be long. This results in variability in its practical usefulness in different circumstances, and in its accuracy and reliability. Civil-use GPS coordinates are claimed to provide accuracy within a theoretical 7.8m at a 95% confidence level (USGov 2012), but various reports suggest 15m, or 20m, or 30m, but sometimes 100m. It may be affected by radio interference and jamming. The original and still-dominant GPS service operated by the US Government was subject to intentional degradation in the US's national interests. This 'Selective Availability' feature still exists, although subject to a decade-long policy not to use it; and future generations of GPS satellites may no longer support it.

Hybrid schemes exist that use two or more sources in order to generate more accurate location-estimates, or to generate estimates more quickly. In particular, Assisted GPS (A-GPS) utilises data from terrestrial servers accessed over cellular networks in order to more efficiently process satellite-derived data (e.g. RE 2012).

Further categories of location and tracking technologies emerge from time to time. A current example uses means described by the present authors as 'mobile device signatures' (MDS). A device may monitor the signals emanating from a user's mobile device, without being part of the network that the user's device is communicating with. The eavesdropping device may detect particular signal characteristics that distinguish the user's mobile device from others in the vicinity. In addition, it may apply any of the various techniques mentioned above, in order to locate the device. If the signal characteristics are persistent, the eavesdropping device can track the user's mobile device, and hence the person carrying it. No formal literature on MDS has yet been located. The supplier's brief description is at PI (2010b).

The various technologies described in this section are capable of being applied to many purposes. The focus in this paper is on their application to surveillance.

3. Surveillance

The term surveillance refers to the systematic investigation or monitoring of the actions or communications of one or more persons (Clarke 2009c). Until recent times, surveillance was visual, and depended on physical proximity of an observer to the observed. The volume of surveillance conducted was kept in check by the costs involved. Surveillance aids and enhancements emerged, such as binoculars and, later, directional microphones. During the 19th century, the post was intercepted, and telephones were tapped. During the 20th century, cameras enabled transmission of image, video and sound to remote locations, and recording for future use (e.g. Parenti 2003).

With the surge in stored personal data that accompanied the application of computing to administration in the 1970s and 1980s, dataveillance emerged (Clarke 1988). Monitoring people through their digital personae rather than through physical observation of their behaviour is much more economical, and hence many more people can be subjected to it (Clarke 1994). The dataveillance epidemic made it more important than ever to clearly distinguish between personal surveillance - of an identified person who has previously come to attention - and mass surveillance - of many people, not necessarily previously identified, about some or all of whom suspicion could be generated.

Location data is of a very particular nature, and hence it has become necessary to distinguish location surveillance as a sub-set of the general category of dataveillance. There are several categories of location surveillance with different characteristics (Clarke & Wigan 2011):

  • capture of an individual's location at a point in time. Depending on the context, this may support inferences being drawn about an individual's behaviour, purpose, intention and associates
  • real-time monitoring of a succession of locations and hence of the person's direction of movement. This is far richer data, and supports much more confident inferences being drawn about an individual's behaviour, purpose, intention and associates
  • predictive tracking, by extrapolation from the person's direction of movement, enabling inferences to be drawn about near-future behaviour, purpose, intention and associates
  • retrospective tracking, on the basis of the data trail of the person's movements, enabling reconstruction of a person's behaviour, purpose, intention and associates at previous times

Information arising at different times, and from different forms of surveillance, can be combined, in order to offer a more complete picture of a person's activities, and enable yet more inferences to be drawn, and suspicions generated. This is the primary sense in which the term 'überveillance' is applied: "Überveillance has to do with the fundamental who (ID), where (location), and when (time) questions in an attempt to derive why (motivation), what (result), and even how (method/plan/thought). Überveillance can be a predictive mechanism for a person's expected behaviour, traits, likes, or dislikes; or it can be based on historical fact; or it can be something in between ... Überveillance is more than closed circuit television feeds, or cross-agency databases linked to national identity cards, or biometrics and ePassports used for international travel. Überveillance is the sum total of all these types of surveillance and the deliberate integration of an individual's personal data for the continuous tracking and monitoring of identity and location in real time" (Michael & Michael 2010. See also Michael & Michael 2007, Michael et al. 2008, Michael et al. 2010, Clarke 2010).

A comprehensive model of surveillance includes consideration of geographical scope, and of temporal scope. Such a model assists the analyst in answering key questions about surveillance: of what? for whom? by whom? why? how? where? and when? (Clarke 2009c). Distinctions are also needed based on the extent to which the subject has knowledge of surveillance activities. It may be overt or covert. If covert, it may be merely unnotified, or alternatively express measures may be undertaken in order to obfuscate, and achieve secrecy. A further element is the notion of 'sousveillance', whereby the tools of surveillance are applied, by those who are commonly watched, against those who are commonly the watchers (Mann et al. 2003).

These notions are applied in the following sections in order to establish the extent to which location and tracking of mobile devices is changing the game of surveillance, and to demonstrate that location surveillance is intruding more deeply into personal freedoms than previous forms of surveillance.

4. Applications

This section presents a typology of applications of mobile device location, as a means of narrowing down to the kinds of uses that have particularly serious privacy implications. These are commonly referred to as location-based services (LBS). One category of applications provide information services that are for the benefit of the mobile device's user, such as navigation aids, and search and discovery tools for the locations variously of particular, identified organisations, and of organisations that sell particular goods and services. Users of LBS of these kinds can be reasonably assumed to be aware that they are disclosing their location. Depending on the design, the disclosures may also be limited to specific service-providers and specific purposes, and the transmissions may be secured.

Another, very different category of application is use by law enforcement agencies (LEAs). The US E-911 mandate of 1999 was nominally a public safety measure, to enable people needing emergency assistance to be quickly and efficiently located. In practice, the facility also delivered LEAs means for locating and tracking people of interest, through their mobile devices. Personal surveillance may be justified by reasonable grounds for suspicion that the subject is involved in serious crime, and may be specifically authorised by judicial warrant. Many countries have always been very loose in their control over LEAs, however, and many others have drastically weakened their controls since 2001. Hence, in any given jurisdiction and context, each and all of the controls may be lacking.

Yet worse, LEAs use mobile location and tracking for mass surveillance, without any specific grounds for suspicion about any of the many people caught up in what is essentially a dragnet-fishing operation (e.g. Mery 2009). Examples might include monitoring the area adjacent to a meeting-venue watching out for a blacklist of device-identifiers known to have been associated with activists in the past, or collecting device-identifiers for use on future occasions. In addition to netting the kinds of individuals who are of legitimate interest, the 'by-catch' inevitably includes threatened species. There are already extraordinarily wide-ranging (and to a considerable extent uncontrolled) data retention requirements in many countries.

Of further concern is the use of Automated Number Plate Recognition (ANPR) for mass surveillance purposes. This has been out of control in the UK since 2006, and has been proposed or attempted in various other countries as well (Clarke 2009a). Traffic surveillance is expressly used not only for retrospective analysis of the movements of individuals of interest to LEAs, but also as a means of generating suspicions about other people (Lewis 2008).

Beyond LEAs, many government agencies perform social control functions, and may be tempted to conduct location and tracking surveillance. Examples would include benefits-paying organisations tracking the movements of benefits-recipients about whom suspicions have arisen. It is not too far-fetched to anticipate zealous public servants concerned about fraud control imposing location surveillance on all recipients of some particularly valuable benefit, or as a security precaution on every person visiting a sensitive area (e.g. a prison, a power plant, a national park).

Various forms of social control are also exercised by private sector organisations. Some of these organisations, such as placement services for the unemployed, may be performing outsourced public sector functions. Others, such as workers' compensation providers, may be seeking to control personal insurance claimants, and similarly car-hire companies and insurance providers may wish to monitor motor vehicles' distance driven and roads used (Economist 2012).

A further privacy-invasive practice that is already common is the acquisition of location and tracking data by marketing corporations, as a by-product of the provision of location-based services, but with the data then applied to further purposes other than that for which it was intended. Some uses rely on statistical analysis of large holdings ('data mining'). Many uses are, on the other hand, very specific to the individual, and are for such purposes as direct or indirect targeting of advertisements and the sale of goods and services. Some of these applications combine location data with data from other sources, such as consumer profiling agencies, in order to build up such a substantial digital persona that the individual's behaviour is readily influenced. This takes the activity into the realms of überveillance.

All such services raise serious privacy concerns, because the data is intensive and sensitive, and attractive to organisations. Companies may gain rights in relation to the data through market power, or by trickery - such as exploitation of a self-granted right to change the Terms of Service (Clarke 2011). Once captured, the data may be re-purposed by any organisation that gains access to it, because the value is high enough that they may judge the trivial penalties that generally apply to breaches of privacy laws to be well worth the risk.

A recently-emerged, privacy-invasive practice is the application of the mobile device signature (MDS) form of tracking, in such locations as supermarkets. This is claimed by its providers to offer deep observational insights into the behaviour of customers, including dwell-times in front of displays, possibly linked with the purchaser's behaviour. This raises concerns a little different from other categories of location and tracking technologies, and is accordingly considered in greater depth in the following section.

It is noteworthy that an early review identified a wide range of LBS, which the authors classified into mobile guides, transport, gaming, assistive technology and location-based health (Raper et al. 2007b). Yet that work completely failed to notice that a vast array of applications were emergent in surveillance, law enforcement and national security, despite the existence of relevant literature from at least 1999 onwards (Clarke 2001Michael & Masters 2006).

5. Implications

The previous sections have introduced many examples of risks to citizens and consumers arising from location surveillance. This section presents an analysis of the categories and of the degree of seriousness with which they should be viewed. The first topic addressed is the privacy of personal location data. Other dimensions of privacy are then considered, and then the specific case of MDS is examined. The treatment here is complementary to earlier articles that have looked more generally at particular applications such as location-based mobile advertising, e.g. Cleff (2007, 2010) and King & Jessen (2010). See also Art. 29 (2011).

5.1 Locational Privacy

Knowing where someone has been, knowing what they are doing right now, and being able to predict where they might go next is a powerful tool for social control and for chilling behaviour (Abbas 2011). Humans do not move around in a random manner (Song et al. 2010).

One interpretation of 'locational privacy' is that it "is the ability of an individual to move in public space with the expectation that under normal circumstances their location will not be systematically and secretly recorded for later use" (Blumberg & Eckersley 2009). A more concise definition is "the ability to control the extent to which personal location information is ... [accessible and] used by others" (van Loenen et al. 2009). Hence 'tracking privacy' is the interest an individual has in controlling information about their sequence of locations.

Location surveillance is deeply intrusive into data privacy, because it is very rich, and enables a great many inferences to be drawn (Clarke 2001, Dobson & Fisher 2003, Michael et al. 2006aClarke & Wigan 2011). As demonstrated by Raper et al. (2007a, pp. 32-33), most of the technical literature that considers privacy is merely concerned about it as an impediment to deployment and adoption, and how to overcome the barrier rather than how to solve the problem. Few authors adopt a positive approach to privacy-protective location technologies. The same authors' review of applications (Raper et al. 2007b) includes a single mention of privacy, and that is in relation to just one of the scores of sub-categories of application that they catalogue.

Most service-providers are cavalier in their handling of personal data, and extravagant in their claims. For example, Skyhook claims that it "respects the privacy of all users, customers, employees and partners"; but, significantly, it makes no mention of the privacy of the people whose locations, through the locations of their Wifi routers, it collects and stores (Skyhook 2012).

Consent is critical in such LBS as personal location chronicle systems, people-followers and footpath route-tracker systems that systematically collect personal location information from a device they are carrying (Collier 2011c). The data handled by such applications is highly sensitive because it can be used to conduct behavioural profiling of individuals in particular settings. The sensitivity exists even if the individuals remain 'nameless', i.e. if each identifier is a temporary or pseudo-identifier and is not linked to other records. Service-providers, and any other organisations that gain access to the data, achieve the capacity to make judgements on individuals based on their choices of, for example, which retail stores they walk into and which they do not. For example, if a subscriber visits a particular religious bookstore within a shopping mall on a weekly basis, the assumption can be reasonably made that they are in some way affiliated to that religion (Samuel 2008).

It is frequently asserted that individuals cannot have a reasonable expectation of privacy in a public space. Contrary to those assertions, however, privacy expectations always have existed in public places, and continue to exist (VLRC 2010). Tracking the movements of people as they go about their business is a breach of a fundamental expectation that people will be 'let alone'. In policing, for example, in most democratic countries, it is against the law to covertly track an individual or their vehicle without specific, prior approval in the form of a warrant. This principle has, however, been compromised in many countries since 2001. Warrantless tracking using a mobile device generally results in the evidence, which has been obtained without the proper authority, being inadmissible in a court of law (Samuel 2008). Some law enforcement agencies have argued for the abolition of the warrant process because the bureaucracy involved may mean that the suspect cannot be prosecuted for a crime they have likely committed (Ganz 2005). These issues are not new; but far from eliminating a warrant process, the appropriate response is to invest the energy in streamlining this process (Bronitt 2010).

Privacy risks arise not only from locational data of high integrity, but also from data that is or becomes associated with a person and that is inaccurate, misleading, or wrongly attributed to that individual. High levels of inaccuracy and unreliability were noted above in respect of all forms of location and tracking technologies. In the case of MDS services, claims have been made of one-to-two metre locational accuracy. This has yet to be supported by experimental test cases, however, and hence there is uncertainty about the reliability of inferences that the service-provider or the shop-owner draw. If the data is the subject of a warrant or subpoena, the data's inaccuracy could result in false accusations and even a miscarriage of justice, with the 'wrong person' finding themselves in the 'right place' at the 'right time'.

5.2 Privacy More Broadly

Privacy has multiple dimensions. One analysis, in Clarke (2006a), identifies four distinct aspects. Privacy of Personal Data, variously also 'data privacy' and 'information privacy', is the most widely-discussed dimension of the four. Individuals claim that data about themselves should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use. The last five decades have seen the application of information technologies to a vast array of abuses of data privacy. The degree of privacy-intrusiveness is a function of both the intensity and the richness of the data. Where multiple sources are combined, the impact is particularly likely to chill behaviour. An example is the correlation of video-feeds with mobile device tracking. The previous sub-section addressed that dimension.

Privacy of the Person, or 'bodily privacy', extends from freedom from torture and right to medical treatment, via compulsory immunisation and imposed treatments, to compulsory provision of samples of body fluids and body tissue, and obligations to submit to biometric measurement. Locational surveillance gives rise to concerns about personal safety. Physical privacy is directly threatened where a person who wishes to inflict harm is able to infer the present or near-future location of their target. Dramatic examples include assassins, kidnappers, 'standover merchants' and extortionists. But even people who are neither celebrities nor notorities are subject to stalking and harassment (Fusco et al. 2012).

Privacy of Personal Communications is concerned with the need of individuals for freedom to communicate among themselves, without routine monitoring of their communications by other persons or organisations. Issues include 'mail covers', the use of directional microphones, 'bugs' and telephonic interception, with or without recording apparatus, and third-party access to email-messages. Locational surveillance thereby creates new threats to communications privacy. For example, the equivalent of 'call records' can be generated by combining the locations of two device-identifiers in order to infer that a face-to-face conversation occurred.

Privacy of Personal Behaviour encompasses 'media privacy', but particular concern arises in relation to sensitive matters such as sexual preferences and habits, political activities and religious practices. Some privacy analyses, particularly in Europe, extend this discussion to personal autonomy, liberty and the right of self-determination (e.g. King & Jesson 2010). The notion of 'private space' is vital to economic and social aspects of behaviour, is relevant in 'private places' such as the home and toilet cubicles, but is also relevant and important in 'public places', where systematic observation and the recording of images and sounds are far more intrusive than casual observation by the few people in the vicinity.

Locational surveillance gives rise to rich sets of data about individuals' activities. The knowledge, or even suspicion, that such surveillance is undertaken, chills their behaviour. The chilling factor is vital in the case of political behaviour (Clarke 2008). It is also of consequence in economic behaviour, because the inventors and innovators on whom new developments depend are commonly 'different-thinkers' and even 'deviants', who are liable to come to come to attention in mass surveillance dragnets, with the tendency to chill their behaviour, their interactions and their creativity.

Surveillance that generates accurate data is one form of threat. Surveillance that generates inaccurate data, or wrongly associates data with a particular person, is dangerous as well. Many inferences that arise from inaccurate data will be wrong, of course, but that won't prevent those inferences being drawn, resulting in unjustified behavioural privacy invasiveness, including unjustified association with people who are, perhaps for perfectly good reasons, themselves under suspicion.

In short, all dimensions of privacy are seriously affected by location surveillance. For deeper treatments of the topic, see Michael et al. (2006b) and Clarke & Wigan (2011).

5.3 Locational Privacy and MDS

The recent innovation of tracking by means of mobile device signatures (MDS) gives rise to some issues additional to, or different from, mainstream device-location technologies. This section accordingly considers this particular technique's implications in greater depth. Limited reliable information is currently available, and the analysis is of necessity based on supplier-published sources (PI 2010a, 2010b) and media reports (Collier 2010a, 2010b, 2010c).

A company called Path Intelligence (PI) markets an MDS service to shopping mall-owners, to enable them to better value their floorspace in terms of rental revenues, and to identify points of on-foot traffic congestion to on-sell physical advertising and marketing floorspace (PI 2010a). The company claims to detect each phone (and hence person) that enters a zone, and to capture data, including:

  • how long each device and person stay, including dwell times in front of shop windows;
  • repeat visits by shoppers in varying frequency durations; and
  • typical route and circuit paths taken by shoppers as they go from shop to shop during a given shopping experience.

For malls, PI is able to denote such things as whether or not shoppers who shop at one establishment will also shop at another in the same mall, and whether or not people will go out of their way to visit a particular retail outlet independent of its location. For retailers, PI says it is able to provide information on conversion rates by department or even product line, and even which areas of the store might require more attention by staff during specific times of the day or week (PI 2012).

PI says that it uses "complex algorithms" to denote the geographic position of a mobile, using strategically located "proprietary equipment" in a campus setting (PI 2010a). The company states that it is conducting "data-driven analysis", but is not collecting, or at least that it is is not disclosing, any personal information such as a name, mobile telephone number or contents of a short message service (SMS). It states that it only ever provides aggregated data at varying zone levels to the shopping mall-owners. This is presumably justified on the basis that, using MDS techniques, direct identifiers are unlikely to be available, and a pseudo-identifier needs to be assigned. There is no explicit definition of what constitutes a zone. It is clear, however, that minimally-aggregated data at the highest geographic resolution is available for purchase, and at a higher price than more highly-aggregated data.

Shoppers have no relationship with the company, and it appears unlikely that they would even be aware that data about them is being collected and used. The only disclosure appears to be that "at each of our installations our equipment is clearly visible and labelled with our logo and website address" (PI 2010a), but this is unlikely to be visible to many people, and in any case would not inform anyone who saw it.

In short, the company is generating revenue by monitoring signals from the mobile devices of people who visit a shopping mall for the purchase of goods and services. The data collection is performed without the knowledge of the person concerned (Renegar et al. 2008). The company is covertly collecting personal data and exploiting it for profit. There is no incentive or value proposition for the individual whose mobile is being tracked. No clear statement is provided about collection, storage, retention, use and disclosure of the data (Arnold 2008). Even if privacy were not a human right, this would demand statutory intervention on the public policy grounds of commercial unfairness. The company asserts that the "our privacy approach has been reviewed by the [US Federal Trade Commission] FTC, which determined that they are comfortable with our practices" (PI 20101a). It makes no claims of such 'approval' anywhere else in the world.

The service could be extended beyond a mall and the individual stores within it, to, for example, associated walkways and parking areas, and surrounding areas such as government offices, entertainment zones and shopping-strips. Applications can also be readily envisaged on hospital and university campuses, and in airports and other transport hubs. From prior research, this is likely to expose the individual's place of employment, and even their residence (Michael et al. 2006). Even if only aggregated data is sold to businesses, the individual records remain available to at least the service-provider.

The scope exists to combine this form of locational surveillance with video-surveillance such as in-store CCTV, and indeed this is claimed to be already a feature of the company's offering to retail stores. To the extent that a commonly-used identifier can be established (e.g. through association with the person's payment or loyalty card at a point-of-sale), the full battery of local and externally-acquired customer transaction histories and consolidated 'public records' data can be linked to in-store behaviour (Michael & Michael 2007). Longstanding visual surveillance is intersecting with well-established data surveillance, and being augmented by locational surveillance, giving breath to dataveillance, or what is now being referred to by some as 'smart surveillance' (Wright et al. 2010, IBM 2011).

Surreptitious collection of personal data is (with exemptions and exceptions) largely against the law, even when undertaken by law enforcement personnel. The MDS mechanism also flies in the face of telephonic interception laws. How, then, can it be in any way acceptable for a form of warrantless tracking to be undertaken by or on behalf of corporations or mainstream government agencies, of shoppers in a mall, or travellers in an airport, or commuters in a transport hub? Why should a service-provider have the right to do what a law enforcement agency cannot normally do?

6. Controls

The tenor of the discussion to date has been that location surveillance harbours enormous threats to location privacy, but also to personal safety, the freedom to communicate, freedom of movement, and freedom of behaviour. This section examines the extent to which protections exist, firstly in the form of natural or intrinsic controls, and secondly in the form of legal provisions. The existing safeguards are found to be seriously inadequate, and it is therefore necessary to also examine the prospects for major enhancements to law, in order to achieve essential protections.

6.1 Intrinsic Controls

A variety of forms of safeguard exist against harmful technologies and unreasonable applications of them. The intrinsic economic control has largely evaporated, partly because the tools use electronics and the components are produced in high volumes at low unit cost. Another reason is that the advertising and marketing sectors are highly sophisticated, already hold and exploit vast quantities of personal data, and are readily geared up to exploit yet more data.

Neither the oxymoronic notion of 'business ethics' nor the personal morality of executives in business and government act as any significant brake on the behaviours of corporations and governments, because they are very weak barriers, and they are readily rationalised away in the face of claims of enhanced efficiencies in, for example, marketing communications, fraud control, criminal justice and control over anti-social behaviour.

A further category of intrinsic control is 'self-regulatory' arrangements within relevant industry sectors. In 2010, for example, the Australian Mobile Telecommunications Association (AMTA) released industry guidelines to promote the privacy of people using LBS on mobile devices (AMTA 2010). The guidelines were as follows:

  1. Every LBS must be provided on an opt-in basis with a specific request from a user for the service
  2. Every LBS must comply with all relevant privacy legislation
  3. Every LBS must be designed to guard against consumers being located without their knowledge
  4. Every LBS must allow consumers to maintain full control
  5. Every LBS must enable customers to control who uses their location information and when that is appropriate, and be able to stop or suspend a service easily should they wish

The second point is a matter for parliaments, privacy oversight agencies and law enforcement agencies, and its inclusion in industry guidelines is for-information-only. The remainder, meanwhile, are at best 'aspirational', and at worst mere window-dressing. Codes of this nature are simply ignored by industry members. They are primarily a means to hold off the imposition of actual regulatory measures. Occasional short-term constraints may arise from flurries of media attention, but the 'responsible' organisations escape by suggesting that bad behaviour was limited to a few 'cowboy' organisations or was a one-time error that won't be repeated.

A case study of the industry self-regulation is provided by the Biometrics Code issued by the misleadingly-named Australian industry-and-users association, the Biometrics 'Institute' (BI 2004). During the period 2009-12, the privacy advocacy organisation, the Australian Privacy Foundation (APF), submitted to the Privacy Commissioner on multiple occasions that the Code failed to meet the stipulated requirements and under the Commissioner's own Rules had to be de-registered. The Code never had more than five subscribers (out of a base of well over 100 members - which was itself only a sub-set of organisations active in the area), and had no signatories among the major biometrics vendors or users, because all five subscribers were small organisations or consultants. In addition, none of the subscribers appear to have ever provided a link to the Code on their websites or in their Privacy Policy Statements (APF 2012).

The Commissioner finally ended the farce in April 2012, citing the "low numbers of subscribers", but avoided its responsibilities by permitting the 'Institute' to "request" revocation, over two years after the APF had made the same request (OAIC 2012). The case represents an object lesson in the vacuousness of self-regulation and the business-friendliness of a captive privacy oversight agency.

If economics, morality and industry-sector politics are inadequate, perhaps competition and organisational self-interest might work. On the other hand, repeated proposals that privacy is a strategic factor for corporations and government agencies have fallen on stony ground (Clarke 19962006b).

The public can endeavour to exercise countervailing power against privacy-invasive practices. On the other hand, individuals acting alone are of little or no consequence to organisations that are intent on the application of location surveillance. Moreover, consumer organisations lack funding, professionalism and reach, and only occasionally attract sufficient media attention to force any meaningful responses from organisations deploying surveillance technologies.

Individuals may have direct surveillance countermeasures available to them, but relatively few people have the combination of motivation, technical competence and persistence to overcome lethargy and the natural human desire to believe that the institutions surrounding them are benign. In addition, some government agencies, corporations and (increasingly prevalent) public-private partnerships seek to deny anonymity, pseudonymity and multiple identities, and to impose so-called 'real name' policies, for example as a solution to the imagined epidemics of cyber-bullying, hate speech and child pornography. Individuals who use cryptography and other obfuscation techniques have to overcome the endeavours of business and government to stigmatise them as criminals with 'something to hide'.

6.2 Legal Controls

It is clear that natural or intrinsic controls have been utter failures in privacy matters generally, and will be in locational privacy matters as well. That leaves legal safeguards for personal freedoms as the sole protection. There are enormous differences among domestic laws relating to location surveillance. This section accordingly limits itself to generalities and examples.

Privacy laws are (with some qualifications, mainly in Europe) very weak instruments. Even where public servants and parliaments have an actual intention to protect privacy, rather than merely to overcome public concerns by passing placebo statutes, the draft Bills are countered by strong lobbying by government agencies and industry, to the extent that measures that were originally portrayed as being privacy-protective reach the statute books as authority for privacy breaches and surveillance (Clarke 2000).

Privacy laws, once passed, are continually eroded by exceptions built into subsequent legislation, and by technological capabilities that were not contemplated when the laws were passed. In most countries, location privacy has yet to be specifically addressed in legislation. Even where it is encompassed by human rights and privacy laws, the coverage is generally imprecise and ambiguous. More direct and specific regulation may exist, however. In Australia, for example, the Telecommunications (Interception and Access) Act and the Surveillance Devices Act define and criminalise inappropriate interception and access, use, communication and publication of location information that is obtained from mobile device traffic (AG 2005). On the other hand, when Google Inc. intercepted wi-fi signals and recorded the data that they contained, the Privacy Commissioner absolved the company (Riley 2010), and the Australian Federal Police refused to prosecute despite the action - whether it was intentional, 'inadvertent' or merely plausibly deniable - being a clear breach of the criminal law (Moses 2010).

The European Union determined a decade ago that location data that is identifiable to individuals is to some extent at least subject to existing data protection laws (EU 2002). However, the wording of that so-called 'e-Privacy Directive' countenances the collection of "location data which are more precise than is necessary for the transmission of communications", without clear controls over the justification, proportionality and transparency of that collection (para. 35). In addition, the e-Privacy Directive only applies to telecommunications service providers, not to other organisations that acquire location and tracking data. King & Jessen (2010) discuss various gaps in the protective regimes in Europe.

The EU's Advisory Body (essentially a Committee of European Data Protection Commissioners) has issued an Opinion that mobile location data is generally capable of being associated with a person, and hence is personal data, and hence is subject to the EU Directive of 1995 and national laws that implement that Directive (Art. 29 2011). Consent is considered to be generally necessary, and that consent must be informed, and sufficiently granular (pp. 13-18).

It is unclear, however, to what extent this Opinion has actually caused, and will in the future cause, organisations that collect, store, use and disclose location data to change their practices. This uncertainty exists in respect of national security, law enforcement and social control agencies, which have, or which can arrange, legal authority that overrides data protection laws. It also applies to non-government organisations of all kinds, which can take advantage of exceptions, exemptions, loopholes, non-obviousness, obfuscation, unenforceability within each particular jurisdiction, and extra-jurisdictionality, to operate in ways that are in apparent breach of the Opinion.

Legal authorities for privacy-invasions are in a great many cases vague rather than precise, and in many jurisdictions power in relation to specific decisions is delegated to an LEA (in such forms as self-written 'warrants'), or even a social control agency (in the form of demand-powers), rather than requiring a decision by a judicial officer based on evidence provided by the applicant.

Citizens in many countries are subject to more or less legitimate surveillance of various degrees and orders of granularity, by their government, in the name of law enforcement and national security. However, many Parliaments have granted powers to national security agencies to use location technology to track citizens and to intercept telecommunications. Moreover, many Parliaments have failed the public by permitting a warrant to be signed by a Minister, or even a public servant, rather than a judicial officer (Jay 1999). Worse still, it appears that these already-gross breaches of the principle of a free society are in effect being extended to the authorisation of a private organisation to track mobiles of ordinary citizens because it may lead to better services planning, or more efficient advertising and marketing (Collier 2011a).

Data protection legislation in all countries evidences massive weaknesses. There are manifold exemptions and exceptions, and there are intentional and accidental exclusions, for example through limitations in the definitions of 'identified' and 'personal data'. Even the much-vaunted European laws fail to cope with extra-territoriality and are largely ignored by US-based service-providers. They are also focussed exclusively on data, leaving large gaps in safeguards for physical, communications and behavioural privacy.

Meanwhile, a vast amount of abuse of personal data is achieved through the freedom of corporations and government agencies to pretend that Terms imposed on consumers and citizens without the scope to reject them are somehow the subject of informed and freely-given consent. For example, petrol-stations, supermarkets and many government agencies pretend that walking past signs saying 'area subject to CCTV' represents consent to gather, transmit, record, store, use and disclose data. The same approach is being adopted in relation to highly-sensitive location data, and much-vaunted data protection laws are simply subverted by the mirage of consent.

At least notices such as 'you are now being watched' or 'smile, you are being recorded' inform customers that they are under observation. On the other hand, people are generally oblivious to the fact that their mobile subscriber identity is transmitted from their mobile phone and multilaterated to yield a reasonably precise location in a shopping mall (Collier 2011a, b, c). Further, there is no meaningful sense in which they can be claimed to have consented to providing location data to a third party, in this case a location service-provider with whom they have never had contact. And the emergent combination of MDS with CCTV sources becomes a pervasive view of the person, an 'über' view, providing a set of über-analytics to - at this stage - shopping complex owners and their constituents.

What rights do employees have if such a system were instituted in an employment setting? Are workplace surveillance laws in place that would protect employees from constant monitoring? A similar problem applies to people at airports, or on hospital, university, industrial or government campuses. No social contract has been entered into between the parties, rendering the subscriber powerless.

Since the collapse of the Technology Assessment movement, technological deployment proceeds unimpeded, and public risks are addressed only after they have emerged and the clamour of concern has risen to a crescendo. A reactive force is at play, rather than proactive measures being taken to ensure avoidance or mitigation of potential privacy breaches. In Australia, for example, safeguards for location surveillance exist at best incidentally, in provisions under separate legislative regimes and in separate jurisdictions, and at worst not at all. No overarching framework exists to provide consistency among the laws. This causes confusion and inevitably results in inadequate protections (ALRC 2008).

6.3 Prospective Legal Controls

Various learned studies have been conducted, but gather dust. In Australia, the three major law reform commissions have all reported, and all have been ignored by the legislatures (NSWLRC 2005ALRC 2008VLRC 2010).

One critical need is for the fundamental principle to be recovered, to the effect that the handling of personal data requires either consent or legal authority. Consent is meaningless as a control over unreasonable behaviour, however, unless it satisfies a number of key conditions. It must be informed, it must be freely-given, and it must be sufficiently granular, not bundled (Clarke 2002). In a great many of the circumstances in which organisations are claiming to have consent to gather, store, use and disclose location data, the consumer does not appreciate what the scope of handling is that the service-provider is authorising themselves to perform; the Terms are imposed by the service-provider and may even be varied or completely re-written without consultation, a period of notice or even any notice at all; and consent is bundled rather than the individual being able to construct a pattern of consents and denials that suit their personal needs. Discussions all too frequently focus on the specifically-US notion of 'opt-out' (or 'presumed consent'), with consent debased to 'opt-in', and deprecated as inefficient and business-unfriendly.

Recently, some very weak proposals have been put forward, primarily in the USA. In 2011, for example, two US Senators proposed a Location Privacy Protection Bill (Cheng 2011). An organisation that collected location data from mobile or wireless data devices would have to state explicitly in their privacy policies what was being collected, in plain English. This would represent only a partial implementation of the already very weak 2006 recommendation of the Internet Engineering Task Force for Geographic Location/Privacy (IETF GEOPRIV) working group, which decided that technical systems should include `Fair Information Practices' (FIPs) to defend against harms associated with the use of location technologies (EPIC 2006). FIPs, however, is itself only a highly cut-down version of effective privacy protections, and the Bill proposes only a small fraction of FIPs. It would be close to worthless to consumers, and close to legislative authorisation for highly privacy-invasive actions by organisations.

Two other US senators tabled a GPS Bill, nominally intended to "balance the needs of Americans' privacy protections with the legitimate needs of law enforcement, and maintains emergency exceptions" (Anderson 2011). The scope is very narrow - next would have to come the Wi-Fi Act, the A-GPS Act, etc. That approach is obviously unviable in the longer term as new innovations emerge. Effective legislation must have appropriate generality rather than excessive technology-specificity, and should be based on semantics not syntax. Yet worse, these Bills would provide legal authorisation for grossly privacy-invasive location and tracking. IETF engineers, and now Congressmen, want to compromise human rights and increase the imbalance of power between business and consumers.

7. Conclusions

Mobile device location technologies and their applications are enabling surveillance, and producing an enormous leap in intrusions into data privacy and into privacy of the person, privacy of personal communications, and privacy of personal behaviour.

Existing privacy laws are entirely incapable of protecting consumers and citizens against the onslaught. Even where consent is claimed, it generally fails the tests of being informed, freely-given and granular.

There is an urgent need for outcries from oversight agencies, and responses from legislatures. Individual countries can provide some degree of protection, but the extra-territorial nature of so much of the private sector, and the use of corporate havens, in particular the USA, mean that multilateral action is essential in order to overcome the excesses arising from the US laissez faire traditions.

One approach to the problem would be location privacy protection legislation, although it would need to embody the complete suite of protections rather than the mere notification that the technology breaches privacy. An alternative approach is amendment of the current privacy legislation and other anti-terrorism legislation in order to create appropriate regulatory provisions, and close the gaps that LBS providers are exploiting (Koppel 2010).

The chimeras of self-regulation, and the unenforceability of guidelines, are not safeguards. Sensitive data like location information must be subject to actual, enforced protections, with guidelines and codes no longer used as a substitute, but merely playing a supporting role. Unless substantial protections for personal location information are enacted and enforced, there will be an epidemic of unjustified, disproportionate and covert surveillance, conducted by government and business, and even by citizens (Gillespie 2009, Abbas et al. 2011).

References

Abbas R. (2011) 'The social and behavioural implications of location-based services: An observational study of users' Journal of Location Based Services, 5, 3-4 (December 2011)

Abbas R., Michael K., Michael m.g. & Aloudat A. (2011) 'Emerging forms of covert surveillance using GPS-enabled devices', Journal of Cases on Information Technology, 13, 2 (2011) 19-33

AG (2005) 'What the Government is doing: Surveillance Device Act 2004', 25 May 2005, Australian Government, at http://www.ag.gov.au/agd/www/nationalsecurity.nsf/AllDocs/9B1F97B59105AEE6CA2570C0014CAF5?OpenDocument

ALRC (2008) 'For your information: Australian privacy law and practice (ALRC Report 108)', Australian Government, 2, pp. 1409-10, http://www.alrc.gov.au/publications/report-108

AMTA (2010) 'New mobile telecommunications industry guidelines and consumer tips set benchmark for Location Based Services', Australian Mobile Telecommunications Association, 2010, athttp://www.amta.org.au/articles/New.mobile.telecommunications.industry.guidelines.and.consumer.tips.set.benchmark.for.Location.Based.Services

Anderson N. (2011) 'Bipartisan bill would end government's warrantless GPS tracking', Ars Technica, June 2011, at http://arstechnica.com/tech-policy/news/2011/06/bipartisan-bill-would-end-governments-warrantless-gps-tracking.ars

APF (2012) 'Revocation of the Biometrics Industry Code' Australian Privacy Foundation, March 2012, at http://www.privacy.org.au/Papers/OAIC-BiomCodeRevoc-120321.pdf

Arnold B. (2008) 'Privacy guide', Caslon Analytics, May 2008, at http://www.caslon.com.au/privacyguide19.htm

Art. 29 (2011) 'Opinion 13/2011 on Geolocation services on smart mobile devices' Article 29 Data Protection Working Party , 881/11/EN WP 185, 16 May 2011, at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp185_en.pdf

BI (2004) 'Privacy Code' Biometrics Institute, Sydney, April 2004, at http://web.archive.org/web/20050424120627/http://www.biometricsinstitute.org/displaycommon.cfm?an=1&subarticlenbr=8

Blumberg A.J. & Eckersley P. (2009) 'On locational privacy, and how to avoid losing it forever' Electronic Frontier Foundation, August 2009, at https://www.eff.org/wp/locational-privacy

Bronitt S. (2010) 'Regulating covert policing methods: from reactive to proactive models of admissibility', in S. Bronitt, C. Harfield and K. Michael (eds.), The Social Implications of Covert Policing, 2010, pp. 9-14

Cheng J. (2011) 'Franken's location-privacy bill would close mobile-tracking 'loopholes'', Wired, 17 June 2011, at http://www.wired.com/epicenter/2011/06/franken-location-loopholes/

Chetty K., Smith G.E. & Woodbridge K. (2012) 'Through-the-Wall Sensing of Personnel Using Passive Bistatic WiFi Radar at Standoff Distances' IEEE Transactions on Geoscience and Remote Sensing 50, 4 (Aril 2012) 1218 - 1226

Clarke R. (1988) 'Information technology and dataveillance', Communications of the ACM, 31(5), May 1988, pp498-512, at http://www.rogerclarke.com/DV/CACM88.html

Clarke R. (1994) 'The Digital Persona and its Application to Data Surveillance' The Information Society 10,2 (June 1994) 77-92, at http://www.rogerclarke.com/DV/DigPersona.html

Clarke R. (1996) 'Privacy and Dataveillance, and Organisational Strategy' Proc. I.S. Audit & Control Association (EDPAC'96), Perth, Western Australia, May 1996, athttp://www.rogerclarke.com/DV/PStrat.html

Clarke R. (2000) 'Submission to the Commonwealth Attorney-General re: 'A privacy scheme for the private sector: Release of Key Provisions' of 14 December 1999' Xamax Consultancy Pty Ltd, January 2000, at http://www.anu.edu.au/people/Roger.Clarke/DV/PAPSSub0001.html

Clarke R. (2001) 'Person-Location and Person-Tracking: Technologies, Risks and Policy Implications' Information Technology & People 14, 2 (Summer 2001) 206-231, athttp://www.rogerclarke.com/DV/PLT.html

Clarke R. (2002) 'e-Consent: A Critical Element of Trust in e-Business' Proc. 15th Bled Electronic Commerce Conference, Bled, Slovenia, June 2002, at http://www.rogerclarke.com/EC/eConsent.html

Clarke R. (2006a) 'What's 'Privacy'?' Xamax Consultancy Pty Ltd, August 2006, at http://www.rogerclarke.com/DV/Privacy.html

Clarke R. (2006b) 'Make Privacy a Strategic Factor - The Why and the How' Cutter IT Journal 19, 11 (October 2006), at http://www.rogerclarke.com/DV/APBD-0609.html

Clarke R. (2008) 'Dissidentity: The Political Dimension of Identity and Privacy' Identity in the Information Society 1, 1 (December, 2008) 221-228, at http://www.rogerclarke.com/DV/Dissidentity.html

Clarke R. (2009a) 'The Covert Implementation of Mass Vehicle Surveillance in Australia' Proc 4th Workshop on the Social Implications of National Security: Covert Policing, April 2009, ANU, Canberra, at http://www.rogerclarke.com/DV/ANPR-Surv.html

Clarke R. (2009b) 'A Sufficiently Rich Model of (Id)entity, Authentication and Authorisation' Proc. IDIS 2009 - The 2nd Multidisciplinary Workshop on Identity in the Information Society, LSE, 5 June 2009, at http://www.rogerclarke.com/ID/IdModel-090605.html

Clarke R. (2009c) 'A Framework for Surveillance Analysis' Xamax Consultancy Pty Ltd, August 2009, at http://www.rogerclarke.com/DV/FSA.html

Clarke R. (2010) 'What is Überveillance? (And What Should Be Done About It?)' IEEE Technology and Society 29, 2 (Summer 2010) 17-25, at http://www.rogerclarke.com/DV/RNSA07.html

Clarke R. (2011) 'The Cloudy Future of Consumer Computing' Proc. 24th Bled eConference, June 2011, at http://www.rogerclarke.com/EC/CCC.html

Clarke R. & Wigan M. (2011) 'You are where you've been: The privacy implications of location and tracking technologies' Journal of Location Based Services 5, 3-4 (December 2011) 138-155, PrePrint athttp://www.rogerclarke.com/DV/YAWYB-CWP.html

Cleff E.B. (2007) 'Implementing the legal criteria of meaningful consent in the concept of mobile advertising' Computer Law & Security Review 23,2 (2007) 262-269

Cleff E.B. (2010) 'Effective approaches to regulate mobile advertising: Moving towards a coordinated legal, self-regulatory and technical response' Computer Law & Security Review 26, 2 (2010) 158-169

Collier K. (2011a) 'Stores spy on shoppers', Herald Sun, 12 October 2011, at http://www.heraldsun.com.au/news/more-news/stores-spy-on-shoppers/story-fn7x8me2-1226164244739

Collier K. (2011b) 'Shopping centres' Big Brother plan to track customers', Herald Sun, 14 October 2011, at http://www.heraldsun.com.au/news/more-news/shopping-centres-big-brother-plan-to-track-customers/story-fn7x8me2-1226166191503

Collier K. (2011c) ''Creepy' Path Intelligence retail technology tracks shoppers', news.com.au, 14 October 2011, at http://www.news.com.au/money/creepy-retail-technology-tracks-shoppers/story-e6frfmci-1226166413071

Dahunsi F. & Dwolatzky B. (2012) 'An empirical investigation of the accuracy of location-based services in South Africa' Journal of Location Based Services 6, 1 (March 2012) 22-34

Dobson J. & Fisher P. (2003) 'Geoslavery' IEEE Technology and Society 22 (2003) 47-52, cited in Raper et al. (2007)

Economist (2012) 'Vehicle data recorders - Watching your driving' The Economist' 23 June 2012, at http://www.economist.com/node/21557309

EPIC (2006) 'Privacy and human rights report 2006' Electronic Privacy Information Center, WorldLII, 2006, at http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-Location.html

EPIC (2012) 'Investigations of Google Street View' Electronic Privacy Information Center, 2012, at http://epic.org/privacy/streetview/

EU (2002) 'Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)' Official Journal L 201 , 31/07/2002 P. 0037 - 0047, European Commission, at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML

Figueiras J. & Frattasi S. (2010) 'Mobile Positioning and Tracking: From Conventional to Cooperative Techniques' Wiley, 2010

Fusco S.J., Abbas R., Michael K. & Aloudat A. (2012) 'Location-Based Social Networking and its Impact on Trust in Relationships' IEEE Technology and Society Magazine 31,2 (Summer 2012) 39-50, athttp://works.bepress.com/cgi/viewcontent.cgi?article=1326&context=kmichael

Gallagher T. et al. (2009) 'Trials of commercial Wi-Fi positioning systems for indoor and urban canyons' Proc. IGNSS Symposium, 1-3 December 2009, Queensland, cited in Zandbergen (2012)

Ganz J.S. (2005) 'It's already public: why federal officers should not need warrants to use GPS vehicle tracking devices', Journal of Criminal Law and Criminology 95, 4 (Summer 2005) 1325-37

Gillespie A.A. (2009) 'Covert surveillance, human rights and the law', Irish Criminal Law Journal, 19, 3 (August 2009) 71-79

IBM (2011) 'IBM Smart Surveillance System (Previous PeopleVision Project)', IBM Research, 30 October 2011, at http://www.research.ibm.com/peoplevision/

Jay D.M. (1999) 'Use of covert surveillance obtained by search warrant', Australian Law Journal, 73, 1 (Jan 1999) 34-36

King N.J. & Jessen P.W. (2010) 'Profiling the mobile customer - Privacy concerns when behavioural advertisers target mobile phones' Computer Law & Security Review 26, 5 (2010) 455-478 and 26, 6 (2010) 595-612

Koppel A. (2010) 'Warranting a warrant: Fourth Amendment concerns raised by law enforcement's warrantless use of GPS and cellular phone tracking', University of Miami Law Review 64, 3 (April 2010) 1061-1089

Lewis P. (2008) 'Fears over privacy as police expand surveillance project' The Guardian, 15 September 2008, at http://www.guardian.co.uk/uk/2008/sep/15/civilliberties.police

McGuire M., Plataniotis K.N. & Venetsanopoulos A.N. (2005) 'Data fusion of power and time measurements for mobile terminal location' IEEE Transaction on Mobile Computing 4 (2005) 142-153, cited in Raper et al. (2007)

Mann S., Nolan J. & Wellman B. (2003) 'Sousveillance: Inventing and Using Wearable Computing Devices for Data Collection in Surveillance Environments' Surveillance & Society 1, 3 (June 2003) 331-355, at http://www.surveillance-and-society.org/articles1(3)/sousveillance.pdf

Mautz R. (2011) 'Overview of Indoor Positioning Technologies' Keynote, Proc. IPIN'2011, Guimaraes, September 2011, at http://www.geometh.ethz.ch/people/.../IPIN_Keynote_Mautz_2011.pdf

Mery D. (2009) 'The mobile phone as self-inflicted surveillance - And if you don't have one, what have you got to hide?' The Register, 10 April 2009, athttp://www.theregister.co.uk/2009/04/10/mobile_phone_tracking/

Michael K. & Michael M.G. (2007) 'From Dataveillance to Überveillance and the Realpolitik of the Transparent Society' University of Wollongong, 2007, at http://works.bepress.com/kmichael/51

Michael K. & Michael M.G. (2009) 'Innovative Automatic Identification and Location-Based Services: From Bar Codes to Chip Implants' IGI Global, 2009

Michael M.G. & Michael K. (2010) 'Towards a state of uberveillance' IEEE Technology and Society Magazine 29, 2 (Summer 2010) 9-16, at http://works.bepress.com/kmichael/187

Michael K., McNamee A., Michael M.G. & Tootell H. (2006a) 'Location-Based Intelligence - Modeling Behavior in Humans using GPS' Proc. Int'l Symposium on Technology and Society, New York, 8-11 June 2006, at http://ro.uow.edu.au/cgi/viewcontent.cgi?article=1384&context=infopapers

Michael K., McNamee A. & Michael M.G. (2006b) 'The Emerging Ethics of Humancentric GPS Tracking and Monitoring' Proc. Int'l Conf. on Mobile Business, Copenhagen, Denmark IEEE Computer Society, 2006, at http://ro.uow.edu.au/cgi/viewcontent.cgi?article=1384&context=infopapers

Michael M.G., Fusco S.J. & Michael K (2008) 'A Research Note on Ethics in the Emerging Age of Uberveillance (Überveillance)' Computer Communications, 31(6), 2008, 1192-119, athttp://works.bepress.com/kmichael/32/

Michael K. & Masters A. (2006) 'Realized Applications of Positioning Technologies in Defense Intelligence' in Hussein Abbass H. & Essam D. (eds.) 'Applications of Information Systems to Homeland Security and Defense' Idea Group Publishing, 2006, at http://works.bepress.com/kmichael/2

Michael K., Roussos G., Huang G.Q., Gadh R., Chattopadhyay A., Prabhu S. & Chu P. (2010) 'Planetary-scale RFID services in an age of uberveillance' Proceedings of the IEEE 98, 9 (2010) 1663-1671

Moses A. (2010) 'Google escapes criminal charges for Wi-Fi snooping', The Sydney Morning Herald, 6 December 2010, at http://www.smh.com.au/technology/security/google-escapes-criminal-charges-for-wifi-snooping-20101206-18lot.html

NSWLRC (2005) 'Surveillance' Report 108 , NSW Law Reform Commission, 2005, at http://www.lawlink.nsw.gov.au/lawlink/lrc/ll_lrc.nsf/pages/LRC_r108toc

OAIC (2012) '' Office of the Australian Information Commissioner, April 2012, at http://www.comlaw.gov.au/Details/F2012L00869/Explanatory%20Statement/Text

Otterberg A.A. (2005) 'Note: GPS tracking technology: The case for revisiting Knotts and shifting the Supreme Court's theory of the public space under the Fourth Amendment', Boston College Law Review 46 (2005) 661-704

Parenti C. (2003) 'The Soft Cage: Surveillance in America From Slavery to the War on Terror'  Basic Books, 2003

PI (2010a) 'Our Commitment to Privacy', Path Intelligence, 2010, heading changed in late 2012 to 'Privacy by design', at http://www.pathintelligence.com/en/products/footpath/privacy

PI (2010b) 'FootPath Technology', Path Intelligance, 2010, at http://www.pathintelligence.com/en/products/footpath/footpath-technology

PI (2012) 'Retail' Path Intelligence, 2012, at http://www.pathintelligence.com/en/industries/retail

Raper J., Gartner G., Karimi H. & Rizos C. (2007a) 'A critical evaluation of location based services and their potential' Journal of Location Based Services 1, 1 (March 2007) 5-45

Raper J., Gartner G., Karimi H. & Rizos C. (2007b) 'Applications of location-based services: a selected review' Journal of Location Based Services 1, 2 (June 2007) 89-111

RE (2010a) 'IEEE 802.11 standards tutorial' Radio-Electronics.com, apparently of 2010, at http://www.radio-electronics.com/info/wireless/wi-fi/ieee-802-11-standards-tutorial.php

RE (2010b) 'WiMAX IEEE 802.16 technology tutorial' Radio-Electronics.com, apparently of 2010, at http://www.radio-electronics.com/info/wireless/wimax/wimax.php

RE (2012) 'Assisted GPS, A-GPS' Radio-Electronics.com, apparently of 2012, at http://www.radio-electronics.com/info/cellulartelecomms/location_services/assisted_gps.php

Renegar B.D., Michael K. & Michael M.G. (2008) 'Privacy, value and control issues in four mobile business applications' Proc. 7th Int'l Conf. on Mobile Business, 2008, pp. 30-40

Riley J. (2010) 'Gov't 'travesty' in Google privacy case', ITWire, Wednesday 3 November 2010, 20:44, at http://www.itwire.com/it-policy-news/regulation/42898-govt-travesty-in-google-privacy-case

Samuel I.J. (2008) 'Warrantless location tracking', New York University Law Review, 83 (2008) 1324-1352

SHW (2012) 'Skyhook Location Performance', at http://www.skyhookwireless.com/location-technology/performance.php

Skyhook (2012) Website Entries, including 'Frequently Asked Questions' at http://www.skyhookwireless.com/whoweare/faq.php, 'Privacy Policy' athttp://www.skyhookwireless.com/whoweare/privacypolicy.php and 'Location Privacy' at http://www.skyhookwireless.com/whoweare/privacy.php,

Song C., Qu Z., Blumm N. & Barabási A.-L. (2010) 'Limits of predictability in human mobility' Science 327, 5968 (2010) 1018-1021

USGov (2012) 'GPS Accuracy' National Coordination Office for Space-Based Positioning, Navigation, and Timing, February 2012, at http://www.gps.gov/systems/gps/performance/accuracy/

van Loenen B., Zevenbergen J. & de Jong J. (2009) 'Balancing Location Privacy with National Security: A Comparative Analysis of Three Countries through the Balancing Framework of the European Court Of Human Rights' Ch. 2 of Patten N.J. et al. 'National Security: Institutional Approaches', Nova Science Publishers, 2009

VLRC (2010) 'Surveillance in Public Spaces' Victorian Law Reform Commission, Final Report 18, March 2010, athttp://www.lawreform.vic.gov.au/wps/wcm/connect/justlib/Law+Reform/resources/3/6/36418680438a4b4eacc0fd34222e6833/Surveillance_final_report.pdf

Wright D., Friedewald M., Gutwirth S., Langheinrich M., Mordini E., Bellanova R., De Hert P., Wadhwa K. & Bigo D. (2010) 'Sorting out smart surveillance' Computer Law & Security Review 26, 4 (2010) 343-354

Zandbergen P.A. (2012) 'Comparison of WiFi positioning on two mobile devices' Journal of Location Based Services 6, 1 (March 2012) 35-50

Acknowledgements

A preliminary version of the analysis presented in this paper appeared in the November 2011 edition of Precedent, the journal of the Lawyers Alliance. The article has been significantly upgraded as a result of comments provided by the referees and editor.

Author Affiliations

Katina Michael is an Associate Professor in the School of Information Systems and Technology at the University of Wollongong. She is the editor in chief of the IEEE Technology and Society Magazine, is on the editorial board of Computers & Security, and is a co-editor of 'Social Implications of Covert Policing' (2010). She is a Board member of the Australian Privacy Foundation and a representative of the Consumer Federation of Australia.

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in theResearch School of Computer Science at the Australian National University. He is currently Chair of the Australian Privacy Foundation, and an Advisory Board member of Privacy International.

Control, trust, privacy, and security: LBS

4135773-graphic-1-small.gif

Location-based services (LBS) are those applications that utilize the position of an end-user, animal, or thing based on a given device (handheld, wearable, or implanted), for a particular purpose. LBS applications range from those that are mission-critical to those that are used for convenience, from those that are mandatory to those that are voluntary, from those that are targeted at the mass market to those that cater to the needs of a niche market. Location services can be implemented using a variety of access media including global positioning systems and radio-frequency identification, rendering approximate or precise position details.

The introduction of location-based services, which are growing in sophistication and complexity, has brought with it a great deal of uncertainty. Unaddressed topics include: accountability for the accuracy and availability of location information, prioritization and location frequency reporting, the user's freedom to opt-in and opt-out of services, caregiver and guardian rights and responsibilities, the transparency of transactions, and the duration of location information storage. Some of these issues are the focus of court cases across the United States, usually between service providers and disgruntled end-users or law enforcement agencies and suspected criminals.

While we can wait for the courts to set precedents and then take legislative action to learn about how we should act and what we should accept as morally right or wrong, this is only a small part in considering the emerging ethics of an innovation such as location-based services. Laws, similar to global technical standards, usually take a long time to enact. A more holistic approach is required to analyze technology and social implications. This article uses scenarios, in the form of short stories to summarize and draw out the likely issues that could arise from widespread adoption of LBS. It is a plausible future scenario, grounded in the realism of today's technological capabilities.

Role of Scenarios in the Study of Ethics

Articles on ethics in engineering and computing, for the greater part, have been about defining, identifying and describing types of ethics, and emphasizing the importance of ethics in the curriculum and the workplace. A small number of ethics-related studies more directly concerned with invention and innovation consider the possible trajectories of emerging technologies and their corresponding social implications [1], [2]. Within the engineering field, these studies commonly take on the guise of either short stories or case-based instruction [3], [4]. This article uses scenario planning to identify the possible risks related to location-based services in the context of security and privacy. While “day-in-the-life scenarios” have been popular in both human-computer interaction and software engineering studies, they have not been prevalent in the ethics literature [5].

When is a person sufficiently impaired to warrant monitoring?

The most well-known usage of stories related to ethical implications of technology have been constructed by Richard G. Epstein [6]. His 37 stories in the Artificial Intelligence Stories Web are organized thematically based on how the human experience is affected by the technology [7]. Of fiction, Epstein writes that it is “a great device to help one envision the future and to imagine new concepts and even applications” [8]. His Silicon Valley Sentinel-Observer's Series ran as a part of Computers and Society [9]. John M. Artz has written about the importance of stories advancing our knowledge when exploring areas where we do not fully understand a phenomenon [10]. Artz calls stories and our imagination “headlights” that allow us to consider what might lie beyond: “[c]onsider imagination as the creative capacity to think of possibilities. Imagination lets us see the world, not as it is, but as it could be. And seeing the world as it could be allows us to make choices about how it should be.” In 1988, Artz indicated the shortage in short stories in the field, and this paper addresses the shortage by focusing on LBS.

The definition of a scenario used in this paper is “[a]n internally consistent view of what the future might turn out to be” [11]. Scenarios can be used to combine various separate forecasts that pertain to a single topic [12], designed to provide an overall picture of a possible future, and to describe this future in such a way that it is accessible to a layperson in the subject. According to Godet a scenario “must simultaneously be pertinent, coherent, plausible, important and transparent” [13].

The Track, Analyze, Image, Decide, Act (TAIDA) scenario planning framework is used here with respect to LBS to i) identify aspects of the current situation that may have an impact on the future under consideration; ii) deliberate on the possible future consequences of the aspects identified in tracking; iii) approach possible changes intuitively to create a plausible future, “to create not only an intellectual understanding but also an emotional meaning,” iv) determine what should be done about a given scenario in response to issues raised, and v) offer recommendations that will address these issues [14]. Analysis of the future scenario presented will be conducted using deconstruction to draw out the social implications. Deconstruction is an approach to literary analysis that aims “to create an interpretation of the setting or some feature of it to allow people… to have a deeper understanding” [15].

The Roman philosopher Seneca said: “[t]here is no favorable wind for the man who knows not where he is going” [13]. There is certainly merit in exploring the potential effects of LBS before they occur. As Michael and Michael highlight: “[m]ost alarming is the rate of change in technological capabilities without a commensurate and involved response from an informed community on what these changes actually “mean” in real and applied terms, not only for the present but also for the future” [16]. “[T]oday's process of transition allows us to perceive what we are losing and what we are gaining; this perception will become impossible the moment we fully embrace and feel fully at home in the new technologies” [17].

The scenario “Control Unwired” continues five short stories and is set in Australia. The critical analysis that follows is also presented within a predominantly Australian context.

Control Unwired

Vulnerability-The Young Lady

The street appeared to be deserted. Kate wasn't surprised – this part of town always quieted down at night, especially on weekday evenings like this one. There wasn't much around except office buildings and coffee shops that served to provide a steady stream of caffeine to the office workers.

If a person's resistance is bypassed or circumvented, their adaptive capacities can be overloaded, inducing feelings of desperation and helplessness.

Kate fished her smart phone out of the pocket of her grey suit jacket [18], [19]. Pressing a few buttons, she navigated through the on-screen menu to the Services option, then to Call a Taxi [20]. The device beeped at her, flashing the message: No signal available [21].

Kate swore, shoving the PDA back into her bag. The surrounding buildings must have been blocking the GPS signal [22]. She knew she needed to get to a more open area.

What a pain, she thought. They overload me with cases, expect me to stay late, and then the gadget they give me to get home doesn't work.

Although Kate was irritated more than anything else, there was a niggling sort of apprehension in the pit of her stomach. She felt alone – very alone, and not at all comfortable being by herself, at eleven in the evening, in a deserted place.

Shaking off the uneasiness, she berated herself. Get a grip, Kate. You're not a child.

As Kate strode off, a dark shadow detached from a nearby alleyway. It followed, silently, at a distance, keeping out of the dim pools cast by the streetlights.

Unfortunately, Kate didn't know which direction she should go to find a clear space for her phone to get a fix on her location.

If I keep heading the same way, she thought, I'm bound to find somewhere sooner or later.

The surrounding structures were slightly lower here, the taller office blocks just down the road. As Kate walked, the shadow some way behind flickered in the wind, as though it were wearing a long coat. It followed stealthily, steadily decreasing the distance between itself and Kate.

Suddenly, Kate's phone bleeped for attention. Kate pulled it out of her bag again and read the message on the screen: Signal acquired.

“Finally,” she breathed. Quick fingers navigated back to the Call a Taxi command. The phone gave a comforting reassurance that a taxi was on its way, with an estimated arrival time of less than a minute [23].

The shadow hung back, unsure, watching.

Within thirty seconds of making the call, a taxi veered out of nowhere and pulled to an abrupt stop alongside Kate. She opened the door and slid into the back seat.

As the taxi pulled away, the shadow shifted slightly and melted back into the darkness.

Liberty-The Husband and His Wife

The next day, the sun filtered into an east-facing bathroom window, where a man stood studying himself in the mirror.

Slight lines crinkled the skin near his eyes and mouth. His hair was still quite thick and healthy, but flecked with the salt-and-pepper grey of an aging man. Although Colin was well past his sixtieth birthday, he could have easily passed for a man in his fifties.

Suddenly, the telephone rang. Colin paused for a moment, listening – the ring only sounded in the bathroom [24]. The kitchen, bedroom, and lounge room were all silent.

“Even the damn phone knows where I am,” he muttered, shaking his head. He touched the hard lump of the RFID tag that was stitched into the hem of his shirt [25], [26]. “Helen, not again!”

Colin stabbed at an unobtrusive button on the bathroom wall, [27] and his reflection instantly gave way [28] to the face of an attractive woman with bobbed blonde hair [29] – Helen, his wife, calling from the airport in Hong Kong.

“Oh sweetheart, you look tired.” Helen sounded concerned.

Colin shrugged. “I don't feel tired. I think I just need to get some fresh air.”

“Open the window, then. It might make you feel better.”

Colin thought that what would make him feel better was a nice long walk without his wife checking up on him every five minutes.

“You haven't been to the cupboard yet to take your morning medicines,” Helen said.

“Why don't you stop pussyfooting around and just inject me with one of those continuous drug delivery things?” [30], Colin frowned.

Helen smiled. “Great idea,” she teased. “We could put a tracking chip in it too. Two birds, one stone” [31].

“At least then I wouldn't have to wear this stupid bracelet [32]. They're made for kids [33], Helen.” Colin knew his wife was joking, but the truth was that he often did feel like a recalcitrant child these days.

“Well,” Helen replied, “If you didn't insist on being so pig-headed, you wouldn't have to wear it. I was terrified when you collapsed. I'm not going to let it happen again. This way I know you're not gallivanting about without someone to look after you.”

“Ever considered that I can take care of myself? I'm not a child.”

“No, you're not. And you're not a young man either,” Helen admonished. “You need to accept that with your condition, it's just not safe to be going off by yourself. What if something happened to you? Who would know? How would we find you?”

“I feel like a prisoner in my own home, Helen. I can't even take the thing off without you knowing about it. You know they use these for prisoners?”

“Parolees, dear. And they're anklets.” She leaned in closer to the screen. “Someone needs to take care of you, Colin. If you won't, I'll have to do it myself.”

Colin sighed. “You just don't understand what it's like to be getting… older. Not being able to do everything you used to. Being betrayed by your own body. It's bad enough without you babying me along like some kind of octogenarian invalid.”

“Well, I guess that's the downside to marrying a woman almost twenty years younger than yourself,” Helen grinned.

“The only downside.” Colin smiled back at her, but his heart wasn't really in it. They had been through this argument countless times before.

He changed the subject. “Heard from our dear daughter lately? Or Scott?”

“Kate called me last night. She's doing well.”

“How's her new job?” Colin asked.

“Well, she says she enjoys it, but she's working very long hours,” Helen replied.

“And I bet you're worried about her being alone in the city at night for five minutes,” Colin said.

Helen gave a self-conscious smile. “It's not a very nice part of town. I'll feel much better about her working late when the firm moves closer to the inner city.”

“And Scott?”

“Haven't heard from him. He's back in Sydney now, though. I wish he'd call.”

“Maybe if you weren't always pestering him to marry his girl from Melbourne, he'd call more,” Colin grinned.

Helen glanced up, away from the screen.

“Sweetheart, I have to go – they've just given the final boarding call for my flight. Enjoy the rest of your day. I'll see you when I get home tonight.” She blew a rather distracted kiss at the screen, then it went blank.

Colin's shoulders sagged. Alone again.

He shuffled into the kitchen to make breakfast. Helen had left him skim milk and pre-packaged porridge oats.

“Wow,” he muttered. “Cosmic Blueberry or Bananarama? Such decisions.”

Just as Colin was finishing off the last few spoonfuls, the watch on his wrist emitted a low beep. He glanced at the screen: Low battery – critical.

Colin smiled. The device had been flashing low battery messages intermittently since yesterday evening. It had less than three days' standby time, and being on a business trip, Helen wasn't around to make sure it got recharged [34].

The screen on the little device winked out.

Munching on his porridge, Colin reached over to the cutlery drawer and took out the kitchen scissors. Very carefully, he snipped out a neat little rectangle from the hem of his shirt. The RFID tag came with it.

He swallowed down the rest of his breakfast and tossed the tag onto the counter.

Colin was going for a walk.

No alert went out to Helen. No neighbors came hurrying to see what he was doing. He reveled in the possibility of heading out without someone watching his every move [35].

Colin wandered off, his own man, if only for a morning.

Association-The Friends and Colleagues

“Hey Janet. Sorry I'm late.” Scott slid into the other seat at the table.

Janet sighed, pushing a latte and a sandwich towards him. She'd already finished her coffee. She gestured to her PDA. “These gadgets do everything. They compare our schedules, pick a place convenient to both of us, make sure there's something vegetarian on the menu for me, and book a table. Pity they can't get you here on time too.”

“I'm sure it's on the horizon,” Scott joked. “So how's life in the Sydney office?”

“All right. The weather makes a nice change. How about your parolees?”

Scott laughed. “There's a lot more of them. In Melbourne I had fifty or sixty cases at once. Now I've been allocated more than a hundred.” He bit into his sandwich. “With less parole officers able to handle more cases, I guess I'm lucky to have a job,” he continued with his mouth full [36].

Janet raised her eyebrows. “With a lot of women intolerant of bad table manners, you're lucky to have a girlfriend. I assume the workloads are greater because they use those chips here?”

“The caseload is greater, the workload is the same – yeah, because of the chips” [37]. He smiled. “It's crazy that New South Wales is already trialing these tracking implants, while Victoria's only recently got a widespread implementation of the anklets [38]. They've been around commercially for years. Mum's got Dad wearing a tracking watch now, for peace of mind after the whole angina scare.

“But the implants are much better,” Scott continued. “Who wants a chunky anklet or bracelet that makes you look like a collared freak? I'll bet it's really disconcerting having people stare at you suspiciously in the street, knowing that you're a criminal. It kind of defeats the purpose of parole – the idea is rehabilitation, reintegration under supervision. That's why the implants are so good – there's no stigma attached. No one can even tell you have one. And they're harder to remove, too.”

“I don't see what the big deal is,” Janet replied. “Why not just keep people under lock and key?”

“Resources. It costs a lot to keep someone imprisoned, but the cost drops significantly if you imprison them in their own home instead [39]. It's about overcrowding, too – jails everywhere have had an overcrowding problem for years [40].

Can it be considered reasonable to impinge upon the freedom of someone who is merely suspected of committing a crime?

“I also think electronic monitoring and parole are much better in terms of rehabilitation,” Scott went on. “People can change [41]. Often they've committed a fairly minor crime, then they go to prison, get mixed up with worse crowds [42]–[43][44]. It can be pretty rough in there. There is certainly a danger that by imprisoning people with ‘harder’ criminals, you run the risk of corrupting them further and exacerbating the problem [40].

“On parole, they can still go to work and earn money, be productive members of society, get their lives back [44], [45]. But they're watched, very closely – the tracking systems alert us if anything looks off. It's imprisonment without prisons.”

Janet smiled. “That's very Alice in Wonderland. When the Cheshire Cat disappears – how does it go? ‘I've often seen a cat without a grin, but a grin without a cat is the most curious thing I ever saw in all my life!'”

Scott laughed. “I suppose you could compare it to that.” He noted Janet's skeptical look. “It's not like we're sending people out of jails willy-nilly. There is a pretty thorough system in place to determine who gets paroled and who doesn't.”

“So how does that work?” asked Janet.

“Well, a while ago it was mainly based on crime-related and demographic variables. We're talking stuff like what sort of offense they're doing time for, the types of past convictions on their record, age, risk of re-offending” [46].

She nodded.

“Now a bunch of other things are looked at too,” he continued, finishing off his sandwich. “It's a lot more complex. Psychological factors play a big part. Even if someone displays fairly antisocial traits, they're still considered pretty low risk as long as they don't also show signs of mental illness” [47].

“So prisons are the new asylums?” Janet frowned.

“Not quite but I see your point,” Scott admitted.

“What about terrorists?” Janet argued. “How can you guarantee that there won't be another incident like the Brisbane rail bombings”[48]?

“Like I said, anyone considered really dangerous is still kept in a regular prison,” Scott said. “All the major landmarks and places people congregate in Sydney are tagged anyway [49]. There's no way a convicted terrorist would get within a hundred meters of anything worth attacking.”

Janet raised her eyebrows, unconvinced. She thought of the newspaper reports about security breaches of public places that had been linked to professional cybervandals. As far as she was concerned, no new technology was the silver bullet.

Scott continued, “And you know that governmental powers now allow ‘persons of interest’ to be implanted as well.”

Janet shook her head. “I'm all for preventing terrorist attacks. But implanting people who haven't committed a crime? How far will they take it? What if the government decided that they should just track everyone, to be on the safe side?”

Scott shrugged. “I guess we just need to find a nice balance between personal freedom and national security.”

He glanced at his watch and pushed his chair back. “I need to get back to work,” he said apologetically.

Policing-The Officer and the Parolee

Scott paused on the landing in front of Doug's apartment and steeled himself. Doug was his last visit of the day. Scott was a fairly likeable guy and had a rapport with most of his cases, but Doug, convicted of aggravated sexual assault, was different [50].

Scott knocked on the door.

A few seconds passed, then it opened a fraction and a stubbled face peered out. Doug wore a stained long-sleeved shirt and ratty jeans.

“Scott,” he sneered. “So nice of you to drop by.”

“Let's just do this, Doug.”

Scott followed Doug into the living room. He pulled out a small device and waved it up and down the man's left arm. It beeped and Scott checked the screen.

“Your chip seems fine,” he said. “Just a routine check – we like to do one every now and then to make sure everything's okay. Congratulations on your new job, by the way. How do you like house painting?”

“My true bloody calling,” Doug leered.

“Er… great. Keep it up then. With good behavior like this you'll be done in no time.”

Scott felt relieved that he would no longer have to sift through Doug's daily tracking logs.

Doug just smiled.

Duplicity-The Victim

Doug waited more than two hours after Scott left before removing his shirt. He peeled off the electrical tape covering an ugly, ragged scar on his upper arm [51]. The scar wasn't from the chip's implantation. It was created by the deep cut Doug's heavily pierced cyberpunk friend had made to remove it [52].

The tiny chip – smaller than a grain of rice – was stuck to the back of the tape. Gingerly, Doug set it on the table in front of the TV and smiled. His chip was having a night in.

He was going out.

Doug pulled his shirt back on and shrugged into a long coat.

He knew there would be a young woman in a grey suit leaving her office soon. She worked at the law firm that was hot stuff in the news. Stupid really, he thought, that she's not afraid to wander the streets in that part of town at night, alone. A Smart girl like that should know better.

The stairwell was quiet. He slipped out into the darkness, a shadow among the other shadows.

He wanted to pay that attractive little lawyer a visit before she caught her taxi home.

Critical Analysis

Legal and Ethical Issues

According to Ermann and Shauf, our “ethical standards and social institutions have not yet adapted… to the moral dilemmas that result from computer technology” [53]. This has a great deal to do with the way Helen uses the LBS technologies available to her. In Liberty, Helen obviously cares about her husband and wants what is best for his health. She is willing to “help” Colin look after himself by monitoring him and restricting the activities she allows him to participate in, especially when he is alone. It is not too difficult to imagine this happening in the real world if LBS becomes commonplace. It is also conceivable that, for some people, this power could be held by a hospital or health insurance company. However, Helen fails to balance her concern for her husband's physical welfare with his need to be an autonomous being. Although LBS technologies are readily available, perhaps she has not completely thought through her decision to use these technologies to monitor Colin, even if it is ostensibly for his own good. It could even be seen as selfish.

The current climate is indicative of individuals' willingness to relinquish their privacy (or at least someone else's) for the sake of impenetrable security.

Consideration of legal issues is also important – it does not appear that there is any specific Australian legislation that covers the unique possibilities of LBS tracking. One situation that is likely to appear with more frequency is people using LBS technologies to monitor loved ones “for their own good.” Several issues are raised here. When is a person sufficiently impaired to warrant such monitoring? Should their consent be necessary? What if they are considered to be too impaired to make a rational decision about monitoring?

Autonomy is an important part of a person's identity. Resistance to a situation is often unconsciously employed to “preserve psychically vital states of autonomy, identity, and self-cohesion from potentially destabilizing impingements” [54]. If a person's resistance is bypassed or circumvented, their adaptive capacities can be overloaded, inducing feelings of desperation and helplessness. The natural reaction to this is to exert an immediate counterforce in an attempt to re-establish the old balance, or even to establish a new balance with which the individual can feel comfortable [54].

These ideas about autonomy, identity and resistance are demonstrated in Liberty through Colin. He experiences feelings of helplessness and vulnerability because of his loss of autonomy through constant LBS monitoring. His unsupervised walk can be seen as an attempt to redress the balance of power between himself and Helen. With these issues in mind, perhaps the kindest and least disruptive way to implement a monitoring program for an aging individual is to develop a partnership with that person. In this sort of situation, LBS tracking can be a joint process that “is continually informed by the goal of fostering… autonomy” [54].

Another significant legal and ethical issue is that of monitoring people such as those suspected of being involved in terrorist activities. As hinted at in Association, this is not mere fancy – the Australian Government, for example, has passed new anti-terrorism laws that, among other things, would give police and security agencies the power to fit terror suspects with tracking devices for up to 12 months [55].

This kind of power should give rise to concern. Can it be considered reasonable to impinge upon the freedom of someone who is merely suspected of committing a crime? For tracking implants especially, do governments have the right to invade a personal space (i.e., a person's body) simply based on premise?

Criminals give up some of their normal rights by committing an offense. By going against society's laws, freedoms such as the right to liberty are forfeited. This is retributivism (i.e., “just deserts”). The central idea is proportionality: “punishment should be proportionate to the gravity of, and culpability involved in, the offense” [40]. With no crime involved, the punishment of electronic monitoring or home detention must be out of proportion.

The threat of terrorist attacks has led the Australian Government to propose giving itself extraordinary powers that never could have been justified previously.

With measures such as those in Australia's counter-terrorism laws, there is obviously a very great need for caution, accountability, and review in the exercise of such powers. Gareth Evans, the former Australian Labor foreign minister, commented on the laws by saying:

“It is crucial when you are putting in place measures that are as extreme in terms of our libertarian traditions as these that there be over and over again justification offered for them and explanations given of the nature and scale of the risk and the necessity… it is a precondition for a decent society to have that kind of scrutiny” [56].

 

The July 2005 London subway bombings are the justification offered repeatedly by Australian Prime Minister John Howard for the new laws, reinforced by Australian Secret Intelligence Organization (ASIO) director-general Paul O'Sullivan. However, this “justification” ignores the reality that “the London bombers were ‘clean skins' who had escaped police notice altogether” [57]. Tagging suspicious people cannot keep society completely safe.

We do not make a judgment on whether pre-emptive control legislation is proper or not. We suggest, however, that the laws recently enacted by the Australian Federal Government (and agreed to by the Australian States) could be indicative of a broader trend.

John Howard said that “in other circumstances I would never have sought these new powers. But we live in very dangerous and different and threatening circumstances… I think all of these powers are needed” [58]. Could the same argument be used in the future to justify monitoring everyone in the country? If pre-emptive control is a part of government security, then widespread LBS monitoring could be the most effective form of implementation.

Without suggesting the potentially far-fetched Orwellian scenario where draconian policies and laws mean that the entire population is tracked every moment of their lives, there is an argument to be made that the current climate is indicative of individuals' willingness to relinquish their privacy (or at least someone else's) for the sake of impenetrable security.

Social Issues

Control emerges as a significant theme in the scenario Control Unwired. Even in LBS applications that are for care or convenience purposes, aspects of control are exhibited. The title reflects the dilemma about who has control and who does not. For example, in Vulnerability, Kate experiences a loss of control over her situation when her GPS-enabled smart phone does not work the way she wants it to work, but a sense of control is restored when it is functioning properly again. Helen has control over Colin in Liberty, and in turn Colin has little control over his own life. In both Association and Policing we see how Scott uses LBS every day as a control mechanism for parolees. Finally, in Duplicity, the question arises whether faith in this sort of control is fully justified.

Trust is a vitally important part of human existence. It develops as early as the first year of life and continues to shape our interactions with others until the day we die [59]. In relationships, a lack of trust means that there is also no bonding, no giving, and no risk-taking [60]. In fact, Marano states:

“[w]ithout trust, there can be no meaningful connection to another human being. And without connection to one another, we literally fall apart. We get physically sick. We get depressed. And our minds… run away with themselves” [59].

An issue that arises in Liberty is that of trust, recalling Perolle's notion of surveillance being practiced in low-trust situations and the idea that the very act of monitoring destroys trust [61]. We can see this happening in the Colin/Helen relationship. Helen does not trust Colin enough to let him make his own decisions. Colin does not trust Helen enough to tell her he is going out by himself, without any kind of monitoring technology. He resents her intrusion into his day-to-day life, but tolerates it because he loves his wife and wants to avoid upsetting her. Their relationship could be expected to become increasingly dysfunctional if there is a breakdown of trust. It is near impossible to predict the complex effects of LBS when used to track humans in this way, especially as each person has a different background, culture, and upbringing. However, if Perolle [61] and Weckert [62] are agreed with, these types of technological solutions may well contribute to the erosion of trust in human relationships – what would this entail for society at large? Freedom and trust go hand-in-hand. These are celebrated concepts that have been universally connected to civil liberties by most political societies.

Technological Issues

There is a widely held belief that it is how people use a technology, not the technology itself, that can be characterized as either good or bad. People often see technology as neutral “in the sense that in itself it does not incorporate or imply any political or social values” [63]. However, there are other researchers who argue that technology is not neutral because it requires the application of innovation and industry to some aspect of our lives that “needs” to be improved, and therefore must always have some social effect [63]. The LBS applications in the scenario all appear to show aspects of control. This would suggest that the technology itself is not neutral – that LBS are designed to exercise control.

Control Unwired seems to echo Dickson's argument that technology is not neutral because of its political nature: “dominating technology reflects the wishes of the ruling class to control their fellow men” [63]. We can certainly see elements of this idea in the scenario. All of the LBS functions depicted are about control, whether it be control over one's own situation (Vulnerability), caring control of a loved one (Liberty), or forced control over parolees (Association, Policing, and Duplicity). These situations imply that LBS is not neutral, and that the technology is designed to enhance control in various forms.

Some believe that technology is the driving force that shapes the way we live. This theory is known as technological determinism, one of the basic tenets of which is that “changes in technology are the single most important source of change in society” [64]. The idea is that technological forces contribute to social change more than political, economic, or environmental factors. The authors would not go so far as to subscribe to this strongest sense of technological determinism doctrine. The social setting in which the technology emerges is at least as important as the technology itself in determining how society is affected. As Braun says: “[t]he successful artifacts of technology are chosen by a social selection environment, [like] the success of living organisms is determined by a biological selection environment” [65]. Technologies that fail to find a market never have a chance to change society, so society shapes technology at least as much as it is shaped by technology. In this light, Hughes's theory of technological momentum is a useful alternative to technological determinism: similar in that it is time-dependent and focuses on technology as a force of change, but sensitive to the complexities of society and culture [66].

Technological potential is not necessarily social destiny [67]. However, in the case of LBS, it is plausible to expect it to create a shift in the way we live. We can already see this shift occurring in parents who monitor their children with LBS tracking devices, and in the easing of overcrowding in prisons through home imprisonment and parole programs using LBS monitoring.

As described previously, the threat of terrorist attacks has led the Australian Government to give itself extraordinary powers that never could have been justified previously. In this situation, LBS has enabled the electronic monitoring of suspicious persons; however, it is not the technology alone that acts as the impetus. Pre-emptive electronic tracking could not be put in place without LBS. Neither would it be tolerated without society believing (rightly or not) that it is necessary in the current climate.

The scenario also demonstrates that technology and society evolve at least partially in tandem. In Association, through the conversation between Scott and Janet, we learn that LBS tracking implants were not introduced simply because they were technically feasible. The reasons for their use were to reduce overcrowding in prisons and to mitigate the burden of criminals on the ordinary taxpayer. Social and economic factors, as well as technological ones, contributed to this measure being taken.

Although technology is not the sole factor in social change, and arguably not the most important, LBS are gaining momentum and are likely to contribute to a shift in the way we live. This can be seen both in the scenario and in real-life examples today. Throughout Control Unwired we can see LBS becoming an integral part of daily life. If this does happen, consideration must be given to what will happen if the technology fails – which it inevitably will. No technology is completely perfect. There are always shortcomings and limitations.

Examples of deficiencies in LBS technologies can be found scattered throughout the scenario. In Vulnerability, Kate appears to be over-reliant on LBS (why does she not simply call a taxi from her office before leaving?) and when the technology fails, it creates a potentially dangerous situation. Even more dangerous circumstances occur in Duplicity. Doug, a convicted sex offender, is able to break his curfew without anyone knowing. Perhaps measures could be implemented to stop such breaches from going undetected, but that would not stop them from happening altogether. One U.S. study found that about 75 percent of electronically monitored “walk offs” were re-apprehended within 24 hours [45]. That means a quarter went free for more than a day – plenty of time to commit other offences. And, although the offender may be caught and punished, it is difficult to remedy the damage done to an individual who is robbed or assaulted.

And no technology is completely fail-safe. Even electricity, a mainstay of daily life, can suddenly fail, with socially and economically devastating effects. Most of Auckland, New Zealand, went without power for five weeks during a massive blackout in 1998 [68]. A 1977 electricity outage in New York led to widespread looting, arson and urban collapse [69]. If we become as reliant on LBS as we have become on other technologies like electricity, motor vehicles, and computers, we must be prepared for the consequences when (not if) the technology fails.

Risk to the Individual Versus Risk to Society

Any technology can be expected to have both positive and negative effects on individuals and on the wider community. Emmanuel Mesthane of Harvard's former Technology and Society Program wrote: “[n]ew technology creates new opportunities for men and societies and it also generates new problems for them. It has both positive and negative effects and it usually has the two at the same time and in virtue of each other” [70]. From Table I, it is obvious that there is an inherent trade-off between the interests of the individual and the interests of society as a whole: the privacy of the individual is in conflict with the safety of the broader community. As G.T. Marx reflects, “[h]ow is the desire for security balanced with the desire to be free from intrusions” [71]? This work is certainly not the first to allude to this issue. For example, Kun has said that “perhaps one of the greatest challenges of this decade will be how we deal with this theme of privacy vs. national security” [72].

Table I  Positives and negatives of LBS for different user types

Table I Positives and negatives of LBS for different user types

The original contribution of this article is that the dilemma has been related specifically to LBS, under the privacy-security dichotomy [73]. Here, each side of the dichotomy is divided into three key components that combine to greatly magnify risk. Removing one or more components for each set decreases the privacy or security risk. Where more elements are present in conjunction, the risk is increased.

Significant privacy risk occurs when the following factors are present (Fig. 1):

Fig. 1 Privacy Risk

Fig. 1 Privacy Risk

  • Omniscience — LBS tracking is mandatory, so authorities have near-perfect knowledge of people's whereabouts and activities.

  • Exposure — security of LBS systems is imperfect, leaving them open to unauthorized access.

  • Corruption — motive exists to abuse location-related data. This includes unauthorized or improper changes, thus compromising content integrity.

It is not difficult to see why the danger in this privacy-risk scenario is so great. A nation with “all-knowing” authorities means that a large amount of highly sensitive information is stored about all citizens in the country. Security of electronic systems is never foolproof. And, where there is something to be gained, corrupt behavior is usually in the vicinity. The combination of all three factors creates a very serious threat to privacy.

Significant security risk occurs with the following conditions (Fig. 2):

  • Limitedness — authorities have limited knowledge of people's activities.

  • Vulnerability — security of individuals and infrastructure is imperfect.

  • Fraudulence — motive exists to commit crimes.

Fig. 2 Security Risk

Fig. 2 Security Risk

This security-risk dimension is a life situation that people have to contend with in the present day: limitedness, vulnerability, and fraudulence. Law enforcement authorities cannot be everywhere at once, nor can they have instant knowledge of unlawful activity. Security of infrastructure and people can never be absolute. In addition, there are always individuals willing to commit crimes for one reason or another. These factors merge to form a situation in which crimes can be committed against people and property relatively easily, with at least some chance of the perpetrator remaining unidentified.

As mentioned above, the security-risk half of the dichotomy typifies our current environment. However, the majority of society manages to live contentedly, despite a certain level of vulnerability and the modern-day threat of terrorism. The security-risk seems magnified when examined in the context of the LBS privacy-security dichotomy. LBS have the potential to greatly enhance both national and personal security, but not without creating a different kind of threat to the privacy of the individual. The principal question is: how much privacy are we willing to trade in order to increase security? Is the privacy-risk scenario depicted above a preferable alternative to the security-risk society lives with now? Or would society lose more than it gains? And how are we to evaluate potential ethical scenarios in the context of utilitarianism, Kantianism, or social contract theory?

Major Implications

The issues of control, trust, privacy and security are interrelated (Table II). As discussed above, increased control can impair or even destroy trust; i.e., there is no need to be concerned with trusting someone when they can be monitored from afar. In contrast, increased trust would normally mean increased privacy. An individual who has confidence in another person to avoid intentionally doing anything to adversely affect them, probably does not feel the need to scrutinize that person's activities.

Table II  Unanswered questions in LBS

Table II Unanswered questions in LBS

Privacy requires security as well as trust. A person's privacy can be seriously violated by a security breach of an LBS system, with their location information being accessed by unauthorized parties. The other effect of system security, however, is that it enhances control. A secure system means that tracking devices cannot be removed without authorization, therefore, control is increased. Of course, control and privacy are mutually exclusive. Constant monitoring destroys privacy, and privacy being paramount rules out the possibility of LBS tracking. These relationships are summarized in Fig. 3.

4135773-fig-3-small.gif

The most significant implication of the work presented here is this: the potential for LBS to create social change raises the need for debate about our current path and consideration of future probabilities. Will the widespread application of LBS significantly improve our lives? Or will it have negative irreversible social effects?

Technological progress is not synonymous with social progress. Social progress involves working towards socially desirable objectives in an effort to create a desirable future world [65]. Instead of these lofty ideals, technological progress is based on what is technically possible. However, there is a difference between what can be done and what should be done – the relentless pursuit of technological advancement for its own sake is arguably a pointless exercise. Do we really need more electronic gadgets in our daily lives? As Kling states:

“I am struck by the way in which the news media casually promote images of a technologically rich future while ignoring the way in which these technologies can add cost, complexity, and new dependencies to daily life” [74].

In the Association section of the scenario, Janet's comment about Alice's Adventures in Wonderland can be seen as more than just a superficial remark. In the book, Alice has the following conversation with the Cat:

“Would you tell me, please, which way I ought to go from here?”
“That depends a good deal on where you want to get to,” said the Cat.
“I don't much care where—” said Alice.
“Then it doesn't matter which way you go,” said the Cat [75].

Martin Gardner says that John Kemeny, author of A Philosopher Looks at Science, compares Alice's question and the Cat's answer to the “eternal cleavage between science and ethics” [75]. The same could be said of LBS technologies and possible future applications. New technologies provide exciting opportunities, but human decision-making based on social and ethical considerations is also needed in determining the best path to follow. Technology merely provides us with a convenient way to reach the destination. Without a sense of direction, where might we find ourselves? And where is the logic behind a “directionless” destination? There is clearly a serious need for thought and discussion about how we want LBS to be used in the wider context of its potential application.

Besides developing a sense of purpose for the use of LBS, we need to examine very carefully the possibility of the technology having unintended side effects such as the breakdown of trust and abuse of its application. Certainly, the potential effect of unplanned consequences should not be underestimated. According to Jessen:

“The side effects of technological innovation are more influential than the direct effects, and they have the rippling effect of a pebble hitting water; they spread out in ever enlarging concentric circles throughout a society to transform its behavior, its outlook, and its moral ethic” [76].

Of course not all secondary effects can be foreseen. However, this does not mean that deliberating on the possible consequences is without some genuine worth. Surely some form of preparation to deal with adverse outcomes, or at least to notice them before they become irreversible, is better than none at all.

The scenario Control Unwired has demonstrated the potential of LBS to create social change. It has also shown that the use of LBS may have unintended but long-term adverse effects. For this reason the major recommendations are cross-disciplinary debate and technology assessment using detailed scenario planning. We need to critically engage with LBS, its potential applications, and possible side-effects instead of just blindly hurtling along with the momentum of technology-push.

References

1. J. E. Jacobs, "Social implications of computers: ethical and equity issues", ACM Outlook, pp. 100-114, 1988.

2. C. Huff, "Practical guidance for teaching the social impact statement", ACM CQL, pp. 86-89, 1996.

3Cases on Engineering Ethics Practice, Oct. 2006, [online] Available: http://www.onlineethics.org/ eng/cases.html.

4. A. Ghafarian, "Integrating ethical issues into the undergraduate computer science curriculum", ACM CCSC - JCSC, vol. 18, no. 2, pp. 180-188, 2002.

5. J. A. Rohn, "Usability in practice: Alternatives to formative evaluations — Evolution and revolution", CHI 2002, pp. 891-897, 2002.

6. R. G. Epstein, The Case of the Killer Robot, NY, New York:Wiley, 1997.

7. R. G. Epstein, "Stories and plays about the ethical and social implications of artificial intelligence", Intelligence, pp. 17-19, 2000.

8. R. G. Epstein, "Latest developments in the killer robot computer ethics scenario", ACM SIGCSE, pp. 111-115, 1995.

9. R. G. Epstein, "In-depth! The Silicon Valley Sentinel-Observer’s public affairs NetTV program presents: Toxic knowledge", Proc. Ethics and Social Impact Component on Shaping Policy in the Information Age, pp. 86-91, 1998.

10. J. M. Artz, "The role of stories in computer ethics", Computers and Society, pp. 11-13, 1998.

11. M. Lindgren, H. Bandhold, Scenario Planning: The link between future and strategy, NY, New York:Palgrave-Macmillan, pp. 21, 2003.

12. J. P. Martino, "A review of selected recent advances in technological forecasting", Technological Forecasting and Social Change, vol. 70, no. 8, pp. 719-722, 2003.

13. M. Godet, "The art of scenarios and strategic planning: Tools and pitfalls", Technological Forecasting and Social Change, vol. 65, no. 1, pp. 3-11, 2000.

14. M. Lindgren, H. Bandhold, Scenario Planning: The link between future and strategy, NY, New York:Palgrave Macmillan, pp. 38-168, 2003.

15. P. Hogan, On Interpretation: Meaning and Inference in Law Psychoanalysis and Literature, GA, Athens:Univ. of Georgia, pp. 9, 1996.

16. K. Michael, M. G. Michael, "Microchipping people: The rise of the Electrophorus", Quadrant, vol. 49, no. 3, pp. 22-33, 2005.

17. S. Žižek, "Cyberspace or the unbearable closure of being" in Endless Night: Cinema and Psychoanalysis Parallel Histories, CA, Berkeley:Univ. of California Press, pp. 92-102, 1999.

18. G. Aquino, "Dialled in: GPS cell phones", PC World, Mar. 2004, [online] Available: http://www. pcworld.com/article/id,115273-page,1/article.html, accessed.

19CF Card GPS for PDA’s, Sept. 2005, [online] Available: http://www.filesaveas.com/gpscfcard.html.

20Agis develops real time location service for savvy mobile phone users, Apr. 2005, [online] Available: http://www. asiagis.com.sg/agis/pdf/Navfone_Press.pdf.

21How GPS Works, Sept. 2005, [online] Available: http://www.trimble. com/gps/whygps-anim00.shtml.

22. S. Dooley, P. Gough, "Software integration lowers the cost of A-GPS", Wireless-Web, 2005, [online] Available: http://wireless.iop.org/articles/feature/6/8/7/1, accessed.

23. N. Pikabea, GPS for taxis, May 2004, [online] Available: http://innovations report. de/html/berichte/kommunikation_medien/beri cht29210.html, accessed.

24. B. Gates, The Road Ahead, NY, New York:Viking, pp. 218-219, 1995.

25Silent Commerce Chips Away at Star City Casino Wardrobe Worries, [online] Available: http:// www.accenture.com/Global/Services/By_Subject/Radio_Frequency_Identification/Client_su ccesses/StarCityCasino.htm.

26TAGSYS RFID Products, Sept. 2005, [online] Available: http://www.tagsysrfid.com/eng/ rfid/tagsys_produit/rfid_tag-4-1-1.html, accessed.

27. K. J. Lin, T. Yu, C. Y. Shih, "The design of a personal and intelligent pervasive-commerce system architecture", Proc. Second IEEE Int. Workshop on Mobile Commerce and Services, pp. 163, 2005.

28. M. Cable, The award-winning Flat Screen InvisiSound Mirror Frame makes home theater audio and video disappear, CA, Brisbane:Monster Press Room, Jan. 2005, [online] Available: http:// www.monstercable.com/press/press_result.asp?pr=2005_01_Frame.asp.

29. G. McArthur, "Videoconferencing over IP - The switch is on", Business Communications Rev., Sept. 2004, [online] Available: http://www.bcr.com/bcrmag/ 2004/09/p62.php.

30. M. Madou, BioMEMS/BioNEMS: Research in the laboratories of Marc Madou, 2003, [online] Available: http://www.inrf.uci.edu/research/marcmadou.p df.

31. H. Brøseth, H. C. Pedersen, "Hunting effort and game vulnerability studies on a small scale: A new technique combining radio-telemetry GPS and GIS", J. Applied Ecology, vol. 37, no. 1, pp. 182, 2000.

32. C. S. Miner, "Digital jewelry: Wearable technology for everyday life", CHI '01 Extended Abstracts on Human Factors in Computing Systems, pp. 45, 2001-Mar.

33Wherify's GPS Wherifone, Sept. 2005, [online] Available: http://www.wherify-wireless.com/univLoc.asp.

34GPS Marine Tracking Systems / Vessel Tracking, Sept. 2005, [online] Available: http:// www.environmental-studies.de/GPS/GPS-trac king-systems/Marine-Tracking/marine-tracking.html.

35.J. Dodd, "Parents & technology: The Wherify GPS personal locator offers help but fails to protect", General Computing, vol. 15, no. 2, pp. 35, 2004.

36Job Guide, 2005, [online] Available: http://jobguide.thegoodguides.com.au/statespecific.cfm?jobid =615&state_id=NSW.

37Electronic Monitoring, 1996, [online] Available: http://www. appa-net.org/about%20appa/electron.htm.

38Applied Digital Solutions Announces Working Prototype of Subdermal GPS Personal Location Device, 2003, [online] Available: http://adsx.com/news/2003/051303.html.

39NSWLRC Report: Sentencing, Oct. 2006, [online] Available: http://www.lawlink.nsw.gov.au/lawlink/lrc/ll_lrc.nsf/pages/LRC_ip27chpl.

40. D. Brown, D. Farrier, S. Egger, L. McNamara, Criminal Laws, NSW, Leichhardt:Federation, 2001.

41Discretionary Parole, 2002, [online] Available: http://www. appa-net.org/about%20appa/discretionary_par ole.htm.

42. D. Sugg, L. Moore, P. Howard, Electronic monitoring and offending behavior: reconviction results for the second year of trials of curfew orders, 2001, [online] Available: http://www.probation. homeoffice.gov.uk/files/pdf/r141[1].pdf.

43Electronic Monitoring, 2004, [online] Available: http://www.corrections.govt.nz/public/aboutus/fact-sheets/reducingreoffending/electronic-monitoring.html.

44Chapter 7: Parole, 1996, [online] Available: http://www.lawlink.nsw.gov.au/lrc.nsf/pages/DP33CHP7, accessed.

45Keeping Track of Electronic Monitoring, 1999, [online] Available: http://www.justnet.org/pdffiles/ Elec-Monit.pdf.

46Parole Sex Offenders and Rehabilitation Programs, 2003, [online] Available: http://www.nswccl.org.au/docs/pdf/Parole_Sex Offenders_Note.pdf, accessed.

47. S. J. Lee, J. F. Edens, "Exploring predictors of institutional misbehavior among male Korean inmates", Criminal Justice and Behavior, vol. 32, no. 4, pp. 412-414, 2005.

48. "Terror tape targets Melbourne", The Australian, Sept. 2005.

49. K. Michael, A. Masters, "The advancement of positioning technologies in defense intelligence" in Applications of Information Systems to Homeland Security and Defense, U.K., London: IDG Press, pp. 193-201, 2005.

50. A. M. Piehl, B. Useem, J. J. DiIulio, Right-sizing justice: A cost-benefit analysis of imprisonment in three states, 1999, [online] Available: http://www.manhattan-institute.org/html/ cr_8.htm, accessed.

51. J. Scheeres, "Tracking Junior with a microchip", Wired News, 2003, [online] Available: http://www. wired.com/news/technology/0,1282,60771,00. html, accessed.

52. M. Millanvoye, "Teflon under my skin", UNESCO, 2001, [online] Available: http://www.unesco.org/courier/2001_07/uk/doss41.htm.

53. Computers Ethics and Society, NY, New York:Oxford Univ. Press, pp. vi, 2002.

54. E. Adler, J. L. Bachant, "Intrapsychic and interactive dimensions of resistance: A contemporary perspective", Psychoanalytic Psychology, vol. 15, no. 4, pp. 451-454, 1998.

55. N. Gilmore, "PM defends anti-terrorism laws", Lateline, 2005, [online] Available: http://www.abc.net.au/ lateline/content/2005/s1456384.htm.

56. "Terror laws shouldn't go overboard: Evans", The Sydney Morning Herald, 2005, [online] Available: http:// www.smh.com/au/news/national/terror-laws-shouldnt-go-overboard-evans/2005/09/27/ 1127586836368.html?from=moreStories.

57. M. Wilkinson, "Powers pave way for secret new world", The Sydney Morning Herald, pp. 1-6, Sept. 2005.

58. J. Kerr, "House arrest for terror suspects", The Sydney Morning Herald, pp. 1, Sept. 2005.

59. H. E. Marano, "Trust someone again", Psychology Today, vol. 31, no. 4, pp. 7, 1998.

60. T. Mizrahi, "How can you learn to trust again", Psychology Today, vol. 35, no. 2, pp. 12, 2002.

61. J. A. Perolle, "Computer-supported cooperative work" in Computers Surveillance and Privacy, MN, Minneapolis:Univ. of Minnesota Press, pp. 47-59, 1996.

62. J. Weckert, "Trust and monitoring in the workplace", Proc. IEEE International Symposium on Technology and Society, pp. 245, 2000.

63. J. Lipscombe, B. Williams, Are Science and Technology Neutral, U.K., Manchester:Univ. of Manchester, pp. 19, 1979.

64. L. Winner, Autonomous Technology: Technics-out-of-Control as a Theme in Political Thought, MA, Cambridge:M.I.T. Press, pp. 76, 1977.

65.E. Braun, Futile Progress: Technology's Empty Promise, U.K., London:Earthscan, pp. 21, 1995.

66. T. P. Hughes, Technological momentum in Does Technology Drive History?, MA, Cambridge:M.I.T. Press, pp. 101, 1994.

67. D. Lyon, Surveillance Society: Monitoring Everyday Life Berkshire, U.K.:Open Univ. Press, pp. 23-24, 2001.

68. "Power outage hits Auckland hours after crisis declared over", CNN World News, 1998, [online] Available: http://www.cnn.com/WORLD/9803/27/ auckland.outage/.

69. K. Westcott, "New York's good and bad blackouts", BBC News, 2003, [online] Available: http://news.bbc. co.uk/1/hi/world/americas/3154757.stm.

70. P. Bereano, "Technology is a tool of the powerful" in Computers Ethics and Society, NY, New York:Oxford Univ. Press, pp. 85, 2003.

71. G. T. Marx, Undercover: Police Surveillance in America, U.K., Berkeley:Univ. of California Press, 1988.

72. L. G. Kun, "Homeland security: the possible probable and perils of information technology", IEEE Engineering in Medicine and Biology, vol. 21, no. 5, pp. 28-33, 2002.

73. L. Perusco, K. Michael, M. G. Michael, "Location-based services and the privacy-security dichotomy", Proc. Third Int.Conf. on Mobile Computing and Ubiquitous Networking, 2006.

74. R. Kling, "The seductive equation of technological progress with social progress" in Computerization and Controversy: Value Conflicts and Social Choices, MA, Boston:Academic, pp. 22-23, 1996.

75. The Annotated Alice, NY, New York:Penguin, pp. 88, 1970.

76. P. Jessen, Technology Assessment: Creative Futures, MI, Ann Arbor:Univ. of Michigan Press, pp. 245-246, 1980.

Acknowledgment

The authors would like to acknowledge the significant contribution of Dr. M.G. Michael, Honorary Fellow at the School of Information Systems and Technology at the University of Wollongong and a member of the IP Location-Based Services Research Program.

Keywords

Privacy, Security, Ethics, Technological innovation, Social implications of technology, Animals, Mission critical systems, Radio frequency, Radiofrequency identification, Uncertainty, security of data, data privacy, mobile computing, privacy-security dichotomy, location-based services, scenario planning, security risk, privacy risk

Citation: Laura Perusco, Katina Michael, "Control, trust, privacy, and security: evaluating location-based services", IEEE Technology and Society Magazine, Vol. 26, No. 1, Spring 2007, pp. 4 - 16.

Location-based intelligence - modeling behavior in humans

SECTION 1. Introduction

This paper considers the specific data elements that can be gathered by service providers about telecommunications customers subscribed to location-based service (LBS) applications. Increasingly private companies are investing in location-based technologies for asset, animal and people tracking. Depending on the type of technology in use, the level of accuracy in terms of identifying the outdoor position of the subscriber can vary from cell-based identification to nearest landmark, to the pinpoint longitude and latitude coordinates of an object or subject. The application context is also important-is information being gathered about employees by an employer or is the use of the technology a voluntary option for the subscriber or their caretaker. Till now, there have been only a few cases which have ended in litigation over the accuracy of a location fix, but as the number of LBS adopters sets to grow for niche application areas, it is predicted that a greater number of conflicts may arise between the end-user and stakeholders. Liability is a key issue here, as is privacy [1].

SECTION 2. Location-based surveillance

2.1 Tracking people

“Mobility is a basic and indispensable human activity that is essential for us to be able to lead independent lives on a daily basis” [2]. Someone who is moving can be tracked manually or digitally. The information being gathered as the end-user moves around can be considered a type of “electronic chronicle” [3]. To allow oneself to be tracked can be a voluntary act, but in most cases it is imposed by a third party who has some control over the end-user. Tracking is critical in the process “of people motion capture, people behavior control and indoor video surveillance” [4]. In this paper we do not consider location information gathered using indoor tracking techniques such as knowledge representation or models of temporal correlation, although these techniques could be complementary to outdoor GPS tracking. There are also other techniques for tracking humans based on Assisted-GPS (A-GPS) [5], Wi-Fi technology such as the ‘Human Tracking and Following’ system [6], or embedded technologies [7] which all may become used in the future as a replacement or contingency technique to GPS. The Wi-Fi tracking approach employs an obtrusive technique requiring the end-user to employ active beacons on their body, as opposed to vision systems which are generally unobtrusive. In like manner, a GPS receiver in the form of a watch or handheld device clipped to a belt can be considered obtrusive [8].

2.2 Storing tracking data

Tracking data gathered by a GPS, such as route or point information, can be spatially represented in a geographic information system (GIS). The GIS may contain multiple layers of information, from civic data to administrative political data, statistical information and even non-earth unit data. The GIS can store trajectory data that is based on assumptions related to the end-user's historical speed and direction data, and static road/path segment information. Related to this idea is the notion of “digital trail libraries”, in effect the study of overlapping GPS trails and their digital storage [9]. Morris et al. explain that GPS track logs, are sequences of precise locations created by dropping a breadcrumb. While Morris' paper focuses on GPS for recreational activity, there is the potential for “private” track logs to be compared in order to find originating and terminating points of interaction between people. The outcomes of such an analysis fall into the category of location-based intelligence. Consider the potential for “collision” alerts of persons of interest. Access to the tracking data of an end-user's records requires strict policing. Hengartner and Steenkiste (2005) reaffirm that “[1] ocation is a sensitive piece of information” and that “releasing it to random entities might pose security and privacy risks” [10]. They emphasize the need for individual and institutional policies and the importance of formal models of trust.

SECTION 3. Methodology

One way to deduce some of the unforeseen consequences of GPS-based human tracking is to experience the process first hand. In this pilot study, a civilian participant tracked themselves for a period of 2 weeks using a GPS 24/7. Participant observation is where the observer “seeks to become some kind of member of the observed group” [11]. For the purposes of this study the participant represents individuals who would have their movements tracked and monitored by a third party. Measures need to be taken to ensure the participant's normal activities are not impacted in any way by carrying the GPS.

Two sets of data are to be gathered throughout this observational study: geographical co-ordinates and diary logs (table 1). The geographical coordinates will be collected through the means of a GPS device as quantitative data. However, in order to interpret this data, GIS software will be used to transform co-ordinates into comprehensible geolocations. The daily diary logs will be collected as complementary qualitative data. Each day during the study the participant will record any thoughts and opinions they may have with respect to being tracked.

3.1 Set-up

The following guidelines were used in the pilot study:

  • Daily activities–at the start of each day the GPS device is turned on as soon as the participant leaves their place of residence. At the end of each day the device is switched off.

  • Carrying the GPS device–the device is carried in the participant's bag or pocket while walking. When driving, the device is placed securely in a dock.

  • Tracking node limitation–the device is only capable of collecting 2000 tracking nodes at a time. While this is more than enough for a single day of tracking it is not enough for more than one day. Care must be taken to ensure that track data is erased at the end of each day so there will be enough memory the following day.

  • Getting a signal–it takes about one minute to get a signal, so when the device is first turned on the user will have to wait until a signal is detected.

  • Indoors–the device looses its signal when indoors so when the signal is lost at a certain location it will be assumed that the user is indoors.

  • Battery life–the manual indicates that the device can get up to 14 hours of usage on two AA batteries. Rechargeable batteries do not have enough power to keep the GPS device running throughout an entire day. Non-rechargeable batteries will be replaced when they are running low.

Table 1  Observational Instruments

Table 1 Observational Instruments

SECTION 4. Observational study

4.1 Digital breadcrumb

Figure 1  —Participant with Magellan GPS Device

Figure 1 —Participant with Magellan GPS Device

An observational study was carried out to gain knowledge about the sensitivity of location information. This study involved a civilian participant who had their daily movements tracked from Monday 15th August 2005 to Sunday 28th August 2005. The participant is a 21 year old university student who works part-time and owns a vehicle. Each day during the two weeks of the study the participant carried a Magellan Meridian Gold handheld device either in a carry bag or pocket (see figure 1). The GPS device was setup to collect location data every three seconds. At the end of each day this data was uploaded into GIS software “DiscoverAus Streets & Tracks” which was used to save and analyze the data. Throughout the entire study the observer stayed in the area of Wollongong, NSW, Australia.

A great deal of information was found out about the observer by tracking them over an extended period of time. From data coordinates it is easy to deduce information such as where the participant is located at a given point in time and the speed at which they are traveling. However, more invasive personal data, such as where the participant lives, his workplace and social activities can also be found. It is also possible to create detailed profiles about the participant based on his daily travel routines. For instance, the speed at which the participant is traveling can indicate the form of transport they are using. How long they spend at a location can determine the type of activities the participant is also engaged in.

Figure 2 shows the participant's movements on day 10 of the study (24th August 2005). On this day the participant traveled from their home to the University of Wollongong, and then to their place of work. This day is typical of other weekdays in the study as the most common locations traveled were to the participant's home, University and workplace. The user's daily track movements are indicated by the thicker lines (two closed loops connected by a highway). With the GIS software it is possible to play the participant's movements in real time, to get a step-by-step and magnified view of their whereabouts. Roads, highways, train tracks and trails are clearly presented in the map. Key locations, street names and suburb names are also shown on the map. Even more data could be gathered manually or purchased to overlay onto the current details. It would be interesting also to show intersecting trails of other members of the family during the same study period. Different types of “families” or “groups” would have different types of profiles, some lending themselves to greater location movement than others, with communities-of-interest (CoI) varying widely from local, national and international travel.

Figure 2 —Participant Track Data for the Study Period

4.2 Graphical travel logs

Graphical analysis of track data also gives indications of a person's travel habits and behavior, providing that all the data is accurate and free from errors. The following graphs (figures 3–6) are meaningful representations of speed, time, distance, and elevation data collected by the GPS.

Figure 3  Time/Speed Graph: indicates speed at a specific time, when a person is traveling from one place to another, and how long the person spends at a given location.

Figure 3 Time/Speed Graph: indicates speed at a specific time, when a person is traveling from one place to another, and how long the person spends at a given location.

Figure 4:  Distance/Speed Graph indicates speed at a specific point in a journey, and whether a person is in a vehicle or walking (i.e. form of transport).

Figure 4: Distance/Speed Graph indicates speed at a specific point in a journey, and whether a person is in a vehicle or walking (i.e. form of transport).

Figure 5:  Time/Distance Graph indicates the length of time a person stays at a location, the length of time a person is on the move, and the number of places a person travels to.

Figure 5: Time/Distance Graph indicates the length of time a person stays at a location, the length of time a person is on the move, and the number of places a person travels to.

Figure 6:  Distance/Elevation Graph indicates a person's location by comparing the elevation patterns with other data.

Figure 6: Distance/Elevation Graph indicates a person's location by comparing the elevation patterns with other data.

 

SECTION 5. GPS tracking issues

5.1 Accuracy

Although not perfect in terms of accuracy of a given location fix, the GPS is generally perceived by civilians as being close to perfect. However, on several occasions in the observational study substantial errors occurred. Over the two weeks of the observational study there were six significant signal dropouts. During a signal dropout a person's location is not known. All of these dropouts occurred while the participant was traveling by car. It is likely that the GPS receiver was not positioned well enough to gain an accurate signal or traditional natural/physical factors affected the device. This kind of signal dropout could be costly in a real life scenario if a person's location was mandatory. There were also five significant speed miscalculations during the study. Speed is found by calculating the distance traveled between two points within a given time period. For example, on day 13 of the observational study the tracking information indicated a speed of 600 km/h whilst in a moving vehicle. This was found by calculating the time and location differences between two subsequent tracking points. The collected GPS data indicated the participant had traveled 0.0479884332997 kilometres in 5 seconds.

Table 3  Summary of Geolocation Trail Data

Table 3 Summary of Geolocation Trail Data

5.2 Editing track data

The GPS device used to collect location data stored tracking nodes which recorded location and time data every 3 seconds. GIS software was then used to create an entire track by joining each tracking node. However, the software also grants the user the option to add and edit tracking nodes. This feature is included to assist in navigation but could be used for other covert reasons. The use of GPS location data is surprisingly considered legitimate evidence in legal trials [12]. It is possible to convict an innocent man of a crime they did not commit by editing track data to falsify evidence. Stringent security and validation checks need to be set in place if authorities plan to use GPS track data as valid evidence in a court trial.

5.3 User travel behavior

An analysis of the track data has shown that the participants' daily movements are quite similar each week (compare figures 7 and 8, 9 and 10) and is a reflection of their daily routines and behavior. The observer took the exact same travel route whenever they traveled to a known location, like home or work, even though there are alternate routes-reflecting how habitual some humans are. The track data also reflects the participant's behavior when they are running late for a meeting or deadline (i.e. the participant accelerated their speed while walking/driving). This kind of information can be used to create intelligent systems which can observe what a person is doing and then alert systems when their behavior is out of the ordinary.

Figure 7:  Time/Speed Graph (17 August 2005)

Figure 7: Time/Speed Graph (17 August 2005)

Figure 8:  Time/Speed Graph (24 August 2005)

Figure 8: Time/Speed Graph (24 August 2005)

Figure 9:  Distance/Speed Graph (17 August 2005)

Figure 9: Distance/Speed Graph (17 August 2005)

Figure 10:  Distance/Speed Graph (24 August 2005)

Figure 10: Distance/Speed Graph (24 August 2005)

Substantial similarities can be seen between like graphs, one week to the next. Both sets of time/speed graphs indicate the participant traveled on four occasions during the same day of the week, in consecutive weeks. The distance/speed graph shows similar patterns of traveling speed. In fact, the graphs of every single weekday were almost identical one week to the next, typical of a university student pattern of behavior. The weekends did not vary that much either- an opportunity to go to work, take a break for some socializing, and return home for further study.

5.4 Detail of GIS

The GIS software used, provided details on the roads, highways and the location of major landmarks but did not show any building data. There are however, databases like MapInfo's MapMarker or the Australian Geographical National Address File (G-NAF) that could be coupled with a telemarketing list to provide a rich background layer. In this project, little could be deduced from the user's location at certain longitude and latitude coordinates (apart from what the user provided) because the supporting database was absent. The level of detail in a GIS could be made scalable to correspond with its application context. In applications which require high resolution detail, the GIS could be setup to display roads, buildings and landmarks. Conversely, if little detail is needed it could show the user's location in relation to important landmarks.

5.5 User awareness

Several days into the study the user indicated that it was easy to forget about the fact they were being tracked or observed (see section 6). Any activity that is carried out at length could easily become routine. By the end of the study the user was not concerned about being tracked but was more concerned about having to carry the device around. If GPS were to be enforced on parolees as a deterrent to crime, the participant felt it might lose effectiveness as a tool in the longer term.

5.6 Outcomes of the observational pilot study

This pilot study provided a practical perspective to the process of GPS tracking and proved that it can be accomplished with relative ease. The evidence suggests that tracking a person over an extended period of time is an invasion of privacy as GPS applications can track every detail of a person's movements. The probability of inaccuracies and the possibility of editing data poses questions about the reliability of such information. The effectiveness of GPS tracking in deterring crime may not be as great as first thought because the user may become blasé about its presence.

SECTION 6. Participant diary entries-narrative

This section is taken verbatim from the participant's diaries made between Monday 15th August 2005 and Sunday 28th August 2005. It is important to highlight some of the end-user perceptions and attitudes towards the basic GPS tracking application.

Day 1: Monday 15th August 2005

Today was the first day of tracking. Throughout the day I was very conscious of the device I was carrying. Every time I left for a new location I would check if the device was working and if I was getting an accurate reading. A person being tracked would not be too concerned whether their receiver was working or not. Although a parolee with a faulty tracking device may face immediate repercussions.

Day 2: Tuesday 16th August 2005

It would seem that my primary objective is to simply carry the device, not to track my movements. I rarely think what someone else would think. In fact, I am in a different state of mind when I am downloading and looking over the waypoints I collected that particular day. Most of the time when I am traveling from place to place I am concerned about whether the device is working, how much battery life I have left, if a signal has been picked up.

Day 3: Wednesday 17th August 2005

Running late for a meeting today I noticed that I was traveling faster than normal. Not just when I was driving but my walking pace was very fast. This behavior was projected through my physical movements which were picked up in the GPS receiver. From this experience it could be possible to create user profiles on a person being tracked. For example, analyzing the walking speed can reveal an approximate walking span and from that the approximate height of the person can be deduced. This idea may seem farfetched and outlandish but it would be an interesting experiment to conduct one day.

Day 4: Thursday 18th August 2005

A thought occurred to me while I was driving to the RTA to do my driving test for my full license. What if all cars carried a GPS or similar LBS device on board and two cars were involved in a car accident. The Driver Qualification Handbook indicates that three most common types of crashes by new drivers involve two cars in rear-end collisions, adjacent collision when turning corners and opposite collisions when turning corners. A GPS could be used to reveal what exactly happened in an accident like which person hit first and which person was traveling the fastest. If cars were being tracked there could be rules set out to provide automated emergency responses. For example, if the speed of a vehicle decelerated at an alarming rate, e.g., from 100 km/h to 0 km/h in less than a few seconds, it would be fair to say that the vehicle was involved in an accident.

Day 5: Friday 19th August 2005

While analyzing today's tracking data I have noticed that the device sometimes loses a signal when I am driving. This is most likely due to the poor placement of the receiver. If a GPS device was used to track a person, the placement of the receiver would be very important. Parolees often have GPS devices placed around their ankles leaving it very low on the body and unable to get the best signal. I think receivers need to be placed higher up on the body to ensure continuous and accurate readings.

Day 6: Saturday 20th August 2005

The mapping software I used to download my tracking data gives the option to add and edit way points or tracking nodes. It would be easy to frame a person by editing the location data and disproving any alibi they may have. I wonder about the reliability of location data collected from GPS devices alone.

Day 7: Sunday 21st August 2005

After a week of tracking I have voluntarily decided to extend the study period of personal tracking so that I will have more data to analyze. I am not concerned about tracking my movements for another week. In fact, I am eager to continue this study to get more data and to make weekly profile comparisons possible.

Day 8: Monday 22nd August 2005

I am beginning the second week of tracking today and my awareness level of the tracking of my own movements has dulled. Throughout the day I do not consciously think of myself as being tracked. At times I may check if the device is working correctly but I am not concerned about the data the device is collecting about me. I can now say that after eight days of tracking, I am used to the process, even though it is such an abnormal activity.

Day 9: Tuesday 23rd August 2005

After replacing the batteries in the device with a fresh set I have noticed the device picks up a signal much quicker than it did with a used set of batteries. This makes sense to me; the more power the device has the better it will work. However, this has ramifications for people being tracked, especially prisoners on parole who have to recharge the batteries each day.

Day 10: Wednesday 24th August 2005

It has occurred to me that the pervasiveness of GPS tracking depends on the complexity and detail of the GIS being used. The more information being displayed on a GIS such as landmarks, roads, side streets, the more information about the person's movements are available. When I analyze my own movements at the end of the day, I find myself sequentially and systematically recollecting where I went, and reevaluating my motives for being there.

Day 11: Thursday 25th August 2005

I have noticed that so far my data is fairly ‘static’, based on my weekly and daily routines. For example, I regularly travel to University and my workplace at the same time and day each week. I could also make the assumption that many people have stringent daily routines, especially people that are currently being tracked using GPS. Intelligent systems could be developed to monitor these movements automatically. The system could analyze a person's movements over a week or two and develop a personalized information system that would create user profile based on their activities.

Day 12: Friday 26th August 2005

No entry.

Day 13: Saturday 27th August 2005

The entire process of tracking my movements has become a habit. I can imagine it would be similar for any person who has to have their movements tracked. I am relieved the entire process is drawing to a close mainly because I do not have to carry around the GPS device anymore. This is not on account of the bulkiness or weight of the device (it only weighs 233 grams)- but my relief comes from the knowledge that I do not have to worry about being attached to this gadget both physically and mentally.

Day 14: Sunday 28th August 2005

Today is the final day of this study. I did not track my movements today because I stayed at home. Looking back at the previous weeks I did make an effort to travel a lot so I would have a substantial amount of data to analyze. I wonder if this will have an opposite effect on a person being tracked by a second party. Would they travel less? Would a teenager being tracked still visit places his/her parents thought of disapprovingly?

SECTION 7. Towards überveillance

Dataveillance is defined as the “systematic use of personal data systems in the investigation or monitoring of the actions of one or more persons” [13]. M. G. Michael [14] has spoken of an emerging-überveillance-above and beyond almost omnipresent 24/7 surveillance. The problem, he has gone on to say, is that in human terms at least, “omnipresence will not always equate with omniscience, hence the real concern for misinformation, misinterpretation, and information manipulation.” In the case of the civilian participant observed in this study we cannot assume everything based on his/her location. Being located in the bounds of the “home” does not mean that the participant has gone to sleep or is inactive; while he/she is at “university” it does not mean they are studying or in class; going to “work” (which happens to be a gymnasium) does not mean the civilian is working out; visiting the location of the “unibar” does not mean the civilian was drinking anything but cola; a “signal dropout” does not presume the civilian did not take a detour from their normal route; and a “speed miscalculation” does not necessarily mean the civilian was not speeding, they may have been in an alternate mode of transportation like an airplane, train or speedboat. Thus while location can be revealing, it can also be misleading. It is important that end-users of location based services, save for law enforcement, be able to “opt-out” of being tracked, rendering themselves “untraceable” for whatever reason. Being untraceable does not mean that one is doing something wrong, it is one's right to be “left alone”, and LBS policies need to ensure these safeguards are built in to their applications. Being tracked by multiple “live” devices will also become an issue for the future. What is the true location of a person who is tracked by more than one device-the notion of moving and stationary association confidences is important here [15].

SECTION 8. Conclusion

Tracking is very invasive so care must be taken to ensure that only essential information about that person is revealed. Levels of privacy can be controlled by incorporating intelligent systems and customizing the amount of detail in a given geographic information system. If these types of measures are enforced GPS tracking can be used in an ethical manner which is beneficial to the person being tracked, not detrimental.

GPS is an effective technology and it can potentially save lives, however many current applications are not suited to it. Many groups of people rely heavily on the technology even though it is prone to inaccuracies and unreliable at times. Technological convergence may correct some of these issues but a real problem is posed if the GPS network is solely relied upon. It should be remembered that as we build more and more mission-critical applications that rely upon GPS, that the US government can shut down parts of the system in times of crisis, in addition to having already existing problems maintaining their satellites. When using any form of GPS tracking device, backup systems need to be implemented, and a Murphy's Law type mentality needs to be encouraged: If the GPS can fail, it will fail!

These findings apply to all parties which track the movements of others. These groups include police responsible for law enforcement, parole officers, caretakers of dementia patients, parents who want to track their children and employers who track their employees. These groups need to ensure that the tracking of people is done in a just and ethical fashion. It is up to the trackers to ensure that the tracking of another human is done in a way which is beneficial to the person involved and the wider community.

SECTION 9. Further research

The next phase in this research is to carry out a group observational study. The observational study in this paper was limited to a single participant but it would be interesting to track the movements of a group of people. A study like this could be used to investigate whether detailed portfolios can be created from anonymous participants based on their travel patterns. Another aim could be to create an intelligent system that would collect and analyze the movements of people automatically. In addition to an observational study several people who have had GPS tracking imposed on them could be interviewed to ascertain the emotional and psychological consequences of having a GPS tracking device attached 24/7 for long periods of time.

References

1. S. Dur, M. Gruteser, X. Liu et al., "Context and Location: Framework for Security and Privacy in Automotive Telematics", Proceedings of the 2nd International Workshop on Mobile Commerce, pp. 25-32, 2002.
2. K. Kayama, I.E. Yairi, S. Igi, "Semi-Autonomous Outdoor Mobility Support System for Elderly and Disabled People", International Conference on Intelligent Robots and Systems, pp. 2606-2611, 2003.
3. Pingali, R. Jain, "Electronic Chronicles: Empowering Individuals Groups and Organisations", IEEE International Conference on Multimedia and Expo, pp. 1540-1544, 2005.
4. R. Cucchiara, C. Grana, G. Tardini, "Track-based and Object-based Occlusion for People Tracking Refinement in Indoor Surveillance", Proceedings of the ACM 2nd International Workshop on Video Surveillance & Sensor Networks, pp. 81-87, 2004.
5. G.M. Djuknic, R.E. Richton, "Geolocation and Assisted GPS" in , IEEE Computer, pp. 123-125, 2001.
6. A. Arora, A. Ferworn, "Pocket PC Beacons: Wi-Fi based Human Tracking and Following", Proceedings of the 2005 ACM Symposium on Applied Computing SAC'05, pp. 970-974, 2005.
7. H-C Wang, J-C Lin et al., "Proactive Health Care Underpinned by Embedded and Mobile Technologies", Proceedings of the Fourth Annual ACIS International Conference on Computer and Information Service, pp. 453-460, 2005.
8. A. Applewhite, "What Knows Where You Are? Personal Safety in the Early Days of Wireless" in Pervasive Computing, IEEE, pp. 4-8, 2002.
9. S. Morris, A. Morris, K. Barnard, "Digital Trail Libraries", Joint ACM/IEEE Conference on Digital Libraries, pp. 63-71, 2004.
10. U. Hengartner, P. Steenkiste, "Access Control to People Location Information", ACM Transactions on Information and System Security, vol. 8, no. 4, pp. 424-456, 2005.
11. C. Robson, Real world research, Melbourne:Blackwell Publishing, 2002.
12. K. Michael, A. McNamee, M.G. Michael et al., "The Emerging Ethics of Humancentric GPS Tracking and Monitoring", International Conference on Mobile Business, 2006.
13. R.A. Clarke, "Information Technology and Dataveillance", Communications of the ACM, vol. 31, no. 5, pp. 498-512, 1988.
14. M.G. Michael, "Consequences of Innovation" in IACT 405/905 Information Technology and Innovation, NSW, Australia:University of Wollongong, 2006.
15. J. Myllymaki, S. Edlund, "Location Aggregation from Multiple Sources", The International Conference on Mobile Management, pp. 131-138, 2002

Keywords

Humans, Global Positioning System, Geographic Information Systems, Computer science, Monitoring, Business, Credit cards, Data privacy, Surveillance, Tracking, artificial intelligence, monitoring, object monitoring, location-based intelligence, GPS, object tracking
 

Citation: Katina Michael, Andrew McNamee, M.G. Michael, Holly Tootell, "Location-based intelligence - modeling behavior in humans",  ISTAS 2006. IEEE International Symposium on Technology and Society, 8-10 June, 2006, USA.