Location-Based Privacy, Protection, Safety, and Security


This chapter will discuss the interrelated concepts of privacy and security with reference to location-based services, with a specific focus on the notion of location privacy protection. The latter can be defined as the extent and level of control an individual possesses over the gathering, use, and dissemination of personal information relevant to their location, whilst managing multiple interests. Location privacy in the context of wireless technologies is a significant and complex concept given the dual and opposing uses of a single LBS solution. That is, an application designed or intended for constructive uses can simultaneously be employed in contexts that violate the (location) privacy of an individual. For example, a child or employee monitoring LBS solution may offer safety and productivity gains (respectively) in one scenario, but when employed in secondary contexts may be regarded as a privacy-invasive solution. Regardless of the situation, it is valuable to initially define and examine the significance of “privacy” and “privacy protection,” prior to exploring the complexities involved.

16.1 Introduction

Privacy is often expressed as the most complex issue facing location-based services (LBS) adoption and usage [44, p. 82, 61, p. 5, 66, pp. 250–254, 69, pp. 414–415]. This is due to numerous factors such as the significance of the term in relation to human rights [65, p. 9]. According to a report by the Australian Law Reform Commission (ALRC), “privacy protection generally should take precedence over a range of other countervailing interests, such as cost and convenience” [3, p. 104]. The intricate nature of privacy is also a result of the challenges associated with accurately defining the term [13, p. 4, 74, p. 68]. That is, privacy is a difficult concept to articulate [65, p. 13], as the term is liberally and subjectively applied, and the boundaries constituting privacy protection are unclear. Additionally, privacy literature is dense, and contains varying interpretations, theories and discrepancies as to what constitutes privacy. However, as maintained by [65, p. 67], “[o]ne point on which there seems to be near-unanimous agreement is that privacy is a messy and complex subject.” Nonetheless, as asserted by [89, p. 196], privacy is fundamental to the individual due to various factors:

The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual.

The Oxford English Dictionary definition of security is the “state of being free from danger or threat.” A designation of security applicable to this research is “a condition in which harm does not arise, despite the occurrence of threatening events; and as a set of safeguards designed to achieve that condition” [92, pp. 390–391]. Security and privacy are often confused in LBS scholarship. Elliot and Phillips [40, p. 463] warn that “[p]rivacy is not the same as security,” although the two themes are related [70, p. 14]. Similarly, Clarke [21] states that the term privacy is often used by information and communication technology professionals to describe data and data transmission security. The importance of security is substantiated by the fact that it is considered “a precondition for privacy and anonymity” [93, p. 2], and as such the two themes are intimately connected. In developing this chapter and surveying security literature relevant to LBS, it became apparent that existing scholarship is varied, but nonetheless entails exploration of three key areas. These include: (1) security of data or information, (2) personal safety and physical security, and (3) security of a nation or homeland/national security, interrelated categories adapted from [70, p. 12].

This chapter will discuss the interrelated concepts of privacy and security with reference to LBS, with a specific focus on the notion of location privacy protection. The latter can be defined as the extent and level of control an individual possesses over the gathering, use, and dissemination of personal information relevant to their location [38, p. 1, 39, p. 2, 53, p. 233], whilst managing multiple interests (as described in Sect. 16.1.1). Location privacy in the context of wireless technologies and LBS is a significant and complex concept given the dual and opposing uses of a single LBS solution. That is, an application designed or intended for constructive uses can simultaneously be employed in contexts that violate the (location) privacy of an individual. For example, a child or employee monitoring LBS solution may offer safety and productivity gains (respectively) in one scenario, but when employed in secondary contexts may be regarded as a privacy-invasive solution. Regardless of the situation, it is valuable to initially define and examine the significance of “privacy” and “privacy protection,” prior to exploring the complexities involved.

16.1.1 Privacy: A Right or an Interest?

According to Clarke [26, pp. 123–129], the notions of privacy and privacy protection emerged as important social issues since the 1960s. An enduring definition of privacy is the “right to be let alone” [89, p. 193]. This definition requires further consideration as it is quite simplistic in nature and does not encompass diverse dimensions of privacy. For further reading on the development of privacy and the varying concepts including that of Warren and Brandeis, see [76]. Numerous scholars have attempted to provide a more workable definition of privacy than that offered by Warren and Brandeis.

For instance, [21] maintains that perceiving privacy simply as a right is problematic and narrow, and that privacy should rather be viewed as an interest or collection of interests, which encompasses a number of facets or categories. As such, privacy is defined as “the interest that individuals have in sustaining a ‘personal space’, free from interference by other people and organisations” [2126]. In viewing privacy as an interest, the challenge is in balancing multiple interests in the name of privacy protection. This, as Clarke [21] maintains, includes opposing interests in the form of one’s own interests, the interests of other people, and/or the interests of other people, organizations, or society. As such Clarke refers to privacy protection as “a process of finding appropriate balances between privacy and multiple competing interests.”

16.1.2 Alternative Perspectives on Privacy

Solove’s [80] taxonomy of privacy offers a unique, legal perspective on privacy by grouping privacy challenges under the categories of information collection, information processing, information dissemination, and invasion. Refer to [80, pp. 483–558] for an in depth overview of the taxonomy which includes subcategories of the privacy challenges. Nissenbaum [65, pp. 1–2], on the other hand, maintains that existing scholarship generally expresses privacy in view of restricting access to, and maintaining control over, personal information. For example, Quinn [73, p. 213] insists that the central theme in privacy debates is that of access, including physical access to an individual, in addition to information access. With respect to LBS and location privacy, Küpper and Treu [53, pp. 233–234] agree with the latter, distinguishing three categories of access: (1) third-party access by intruders and law enforcement personnel/authorities, (2) unauthorized access by providers within the supply chain for malicious purposes, and (3) access by other LBS users. Nissenbaum [65, pp. 1–2] disputes the interpretation focused on access and control, noting that individuals are not interested in “simply restricting the flow of information but ensuring that it flows appropriately.” As such, Nissenbaum offers the framework of contextual integrity, as a means of determining when certain systems and practices violate privacy, and transform existing information flows inappropriately [65, p. 150]. The framework serves as a possible tool that can assist in justifying the need for LBS regulation.

A primary contribution from Nissenbaum is her emphasis on the importance of context in determining the privacy-violating nature of a specific technology-based system or practice. In addition to an appreciation of context, Nissenbaum recognizes the value of perceiving technology with respect to social, economic, and political factors and interdependencies. That is, devices and systems should be considered as socio-technical units [65, pp. 5–6].

In relation to privacy, and given the importance of socio-technical systems, the complexities embedded within privacy may, therefore, arise from the fact that the term can be examined from a number of perspectives. For instance, it can be understood in terms of its philosophical, psychological, sociological, economical, and political significance [2126]. Alternatively, privacy theory can provide varying means of interpretation, given that available approaches draw on inspiration from multiple disciplines such as computer science and engineering, amongst others [65, p. 67]. It is also common to explore privacy through its complex dimensions.

According to Privacy International, for instance, the term comprises the aspects of information privacy, bodily privacy, privacy of communications, and territorial privacy [72]. Similarly, in providing a contemporary definition of privacy, Clarke [26] uses Maslow’s hierarchy of needs to define the various categories of privacy; that is, “privacy of the person,” “privacy of personal behavior,” “privacy of personal communications,” and “privacy of personal data.” Clarke argues that since the late 1960s the term has been confined, in a legal sense, to the last two categories. That is, privacy laws have been restricted in their focus in that they are predominantly based on the OECD fair information principles, and lack coverage of other significant categories of privacy. Therefore, the label of information privacy, typically interchangeable with data privacy, is utilized in reference to the combination of communications and data privacy [21], and is cited by [58, pp. 5–7] as a significant challenge in the information age.

16.2 Background

16.2.1 Defining Information Privacy

In Alan Westin’s prominent book Privacy and Freedom, information privacy is defined as “the right of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others” [90, p. 7]. Information in this instance is personal information that can be linked to or identify a particular individual [33, p. 326]. For a summary of information privacy literature and theoretical frameworks, presented in tabular form, refer to [8, pp. 15–17].

16.2.2 Information Privacy Through the Privacy Calculus Perspective

For the purpose of this chapter, it is noteworthy that information privacy can be studied through differing lenses, one of which is the privacy calculus theoretical perspective. Xu et al. [95, p. 138] explain that “the calculus perspective of information privacy interprets the individual’s privacy interests as an exchange where individuals disclose their personal information in return for certain benefits.” It can be regarded a form of “cost–benefit analysis” conducted by the individual, where privacy is likely to be (somewhat) relinquished if there is a perceived net benefit resulting from information disclosure [33, p. 327]. This perspective acknowledges the claim that privacy-related issues and concerns are not constant, but rather depend on perceptions, motivations, and conditions that are context or situation dependent [78, p. 353]. A related notion is the personalizationprivacy paradox, which is based on the interplay between an individual’s willingness to reap the benefits of personalized services at the expense of divulging personal information, which may potentially threaten or invade their privacy. An article by Awad and Krishnan [8] examines this paradox, with specific reference to online customer profiling to deliver personalized services. The authors recommend that organizations work on increasing the perceived benefit and value of personalized services to ensure “the potential benefit of the service outweighs the potential risk of a privacy invasion” [8, p. 26].

In the LBS context, more specifically, Xu et al. [94] build on the privacy calculus framework to investigate the personalization–privacy paradox as it pertains to overt and covert personalization in location-aware marketing. The results of the study suggest that the personalization approaches (overt and covert) impact on the perceived privacy risks and values. A complete overview of results can be found in [94, pp. 49–50]. For further information regarding the privacy calculus and the personalization–privacy paradox in the context of ubiquitous commerce applications including LBS, refer to [78]. These privacy-related frameworks and the concepts presented in this section are intended to be introductory in nature, enabling an appreciation of the varied perspectives on privacy and information privacy, in addition to the importance of context, rather than providing thoroughness in the treatment of privacy and information privacy. Such notions are particularly pertinent when reflecting on privacy and the role of emerging information and communication technologies (ICTs) in greater detail.

16.2.3 Emerging Technologies, m-Commerce and the Related Privacy Challenges

It has been suggested that privacy concerns have been amplified (but not driven) by the emergence and increased use of ICTs, with the driving force being the manner in which these technologies are implemented by organizations [2126]. In the m-commerce domain, mobile technologies are believed to boost the threat to consumer privacy. That is, the intensity of marketing activities can potentially be increased with the availability of timely location details and, more significantly, tracking information; thus enabling the influencing of consumer behaviors to a greater extent [25]. The threat, however, is not solely derived from usage by organizations. Specifically, the technologies originally introduced for use by government and organizational entities are presently available for consumer adoption by members of the community. For further elaboration, refer to Abbas et al. [1] and chapter 8 of Andrejevic [4]. Thus, location (information) privacy protection emerges as a substantial challenge for the government, business, and consumer sectors.

16.2.4 Defining Location (Information) Privacy

Location privacy, regarded a subset of information privacy, has been defined and presented in various ways. Duckham [38, p. 1] believes that location privacy is “the right of individuals to control the collection, use, and communication of personal information about their location.” Küpper and Treu [53, p. 233] define location privacy as “the capability of the target person to exercise control about who may access her location information in which situation and in which level of detail.” Both definitions focus on the aspect of control, cited as a focal matter regarding location privacy [39, p. 2]. With specific reference to LBS, location privacy and related challenges are considered to be of utmost importance. For example, Perusco and Michael [70, pp. 414–415], in providing an overview of studies relating to the social implications of LBS, claim that the principal challenge is privacy.

In [61, p. 5] Michael et al. also state, with respect to GPS tracking, that privacy is the “greatest concern,” resulting in the authors proposing a number of questions relating to the type of location information that should be revealed to other parties, the acceptability of child tracking and employee monitoring, and the requirement for a warrant in the tracking of criminals and terrorists. Similarly, Bennett and Crowe [12, pp. 9–32] reveal the privacy threats to various individuals, for instance those in emergency situations, mobile employees/workers, vulnerable groups (e.g., elderly), family members (notably children and teenagers), telematics application users, rental car clients, recreational users, prisoners, and offenders. In several of these circumstances, location privacy must often be weighed against other conflicting interests, an example of which is the emergency management situation. For instance, Aloudat [2, p. 54] refers to the potential “deadlock” between privacy and security in the emergency context, noting public concerns associated with the move towards a “total surveillance society.”

16.2.5 Data or Information Security

It has been suggested that data or information security in the LBS domain involves prohibiting unauthorized access to location-based information, which is considered a prerequisite for privacy [88, p. 121]. This form of security is concerned with “implementing security measures to ensure that collected data is only accessed for the agreed-upon purpose” [46, p. 1]. It is not, however, limited to access but is also related to “unwanted tracking” and the protection of data and information from manipulation and distortion [10, p. 185]. The techniques and approaches available to prevent unauthorized access and minimize chances of manipulation include the use of “spatially aware access control systems” [34, p. 28] and security- and privacy-preserving functionality [9, p. 568]. The intricacies of these techniques are beyond the scope of this investigation. Rather, this section is restricted to coverage of the broad data and information security challenges and the resultant impact on LBS usage and adoption.

16.2.6 Impact of Data or Information Security on LBS Market Adoption

It has been suggested that data and information security is a fundamental concern influencing LBS market adoption. From a legal standpoint, security is an imperative concept, particularly in cases where location information is linked to an individual [41, p. 22]. In such situations, safeguarding location data or information has often been described as a decisive aspect impacting on user acceptance. These claims are supported in [85, p. 1], noting that user acceptance of location and context-aware m-business applications are closely linked to security challenges. Hence, from the perspective of organizations wishing to be “socially-responsive,” Chen et al. [19, p. 7] advise that security breaches must be avoided in the interest of economic stability:

Firms must reassure customers about how location data are used…A security lapse, with accompanying publicity in the media and possible ‘negligence’ lawsuits, may prove harmful to both sales and the financial stability of the firm.

Achieving satisfactory levels of security in location- and context-aware services, however, is a tricky task given the general issues associated with the development of security solutions; inevitable conflicts between protection and functionality; mobile-specific security challenges; inadequacy of standards to account for complex security features; and privacy and control-related issues [85, pp. 1–2]. Furthermore, developing secure LBS involves consideration of multiple factors; specifically those related to data or information accuracy, loss, abuse, unauthorized access, modification, storage, and transfer [83, p. 10]. There is the additional need to consider security issues from multiple stakeholder perspectives, in order to identify shared challenges and accurately assess their implications and the manner in which suitable security features can be integrated into LBS solutions. Numerous m-business security challenges relevant to LBS from various perspectives are listed in [85]. Data security challenges relevant to LBS are also discussed in [57, pp. 44–46].

16.3 Privacy and Security Issues

16.3.1 Access to Location Information Versus Privacy Protection

The issue of privacy in emergency situations, in particular, is delicate. For instance, Quinn [73, p. 225] remarks on the benefits of LBS in safety-related situations, with particular reference to the enhanced 911 Directive in the US, which stipulates that the location of mobile phones be provided in emergency situations, aiding in emergency response efforts. The author continues to identify “loss of privacy” as a consequence of this service, specifically in cases where location details are provided to third parties [73, p. 226]. Such claims imply that there may be conflicting aims in developing and utilizing LBS. Duckham [38, p. 1] explains this point, stating that the major challenge in the LBS realm is managing the competing aims of enabling improved access to location information versus allowing individuals to maintain a sufficient amount of control over such information. The latter is achieved through the deployment of techniques for location privacy protection.

16.3.2 Location Privacy Protection

It is valid at this point to discuss approaches to location privacy protection. Bennett and Grant [13, p. 7] claim that general approaches to privacy protection in the digital age may come in varied forms, including, but not limited to, privacy-enhancing technologies, self-regulation approaches, and advocacy. In terms of LBS, substantial literature is available proposing techniques for location privacy protection, at both the theoretical and practical levels. A number of these techniques are best summarized in [39, p. 13] as “regulation, privacy policies, anonymity, and obfuscation.” A review of complementary research on the topic of privacy and LBS indicate that location privacy has predominantly been examined in terms of the social challenges and trade-offs from theoretical and practical perspectives; the technological solutions available to maintain location privacy; and the need for other regulatory response(s)to address location privacy concerns. The respective streams of literature are now inspected further in this chapter.

16.3.3 Social Challenges and Trade-Offs

In reviewing existing literature, the social implications of LBS with respect to privacy tend to be centered on the concepts of invasion, trade-off, and interrelatedness and complexity. The first refers primarily to the perceived and actual intrusion or invasion of privacy resulting from LBS development, deployment, usage, and other aspects. Alternatively, the trade-off notion signifies the weighing of privacy interest against other competing factors, notably privacy versus convenience (including personalization) and privacy versus national security. On the other hand, the factors of interrelatedness and complexity refer to the complicated relationship between privacy and other ethical dilemmas or themes such as control, trust, and security.

With respect to the invasion concept, Westin notes that concerns regarding invasion of privacy were amplified during the 1990s in both the social and political spheres [91, p. 444]. Concentrating specifically on LBS, [62, p. 6] provides a summary of the manner in which LBS can be perceived as privacy-invasive, claiming that GPS tracking activities can threaten or invade the privacy of the individual. According to the authors, such privacy concerns can be attributed to a number of issues regarding the process of GPS tracking. These include: (1) questionable levels of accuracy and reliability of GPS data, (2) potential to falsify the data post-collection, (3) capacity for behavioral profiling, (4) ability to reveal spatial information at varying levels of detail depending on the GIS software used, and (5) potential for tracking efforts to become futile upon extended use as an individual may become nonchalant about the exercise [62, pp. 4–5]. Other scholars examine the invasion concept in various contexts. Varied examples include [55] in relation to mobile advertising, [51] in view of monitoring employee locations, and [79] regarding privacy invasion and legislation in the United States concerning personal location information.

Current studies declare that privacy interests must often be weighed against other, possibly competing, factors, notably the need for convenience and national security. That is, various strands of LBS literature are fixed on addressing the trade-off between convenience and privacy protection. For instance, in a field study of mobile guide services, Kaasinen [50, p. 49] supports the need for resolving such a trade-off, arguing that “effortless use” often results in lower levels of user control and, therefore, privacy. Other scholars reflect on the trade-off between privacy and national security. In an examination of the legal, ethical, social, and technological issues associated with the widespread use of LBS, Perusco et al. [71] propose the LBS privacy–security dichotomy. The dichotomy is a means of representing the relationship between the privacy of the individual and national security concerns at the broader social level [71, pp. 91–97]. The authors claim that a balance must be achieved between both factors. They also identify the elements contributing to privacy risk and security risk, expressing the privacy risks associated with LBS to be omniscience, exposure, and corruption, claiming that the degree of danger is reduced with the removal of a specific risk [71, pp. 95–96]. The lingering question proposed by the authors is “how much privacy are we willing to trade in order to increase security?” [71, p. 96]. Whether in the interest of convenience or national security, existing studies focus on the theoretical notion of the privacy calculus. This refers to a situation in which an individual attempts to balance perceived value or benefits arising from personalized services against loss of privacy in determining whether to disclose information (refer to [833789495]).

The relationship between privacy and other themes is a common topic of discussion in existing literature. That is, privacy, control, security, and trust are key and interrelated themes concerning the social implications of LBS [71, pp. 97–98]. It is, therefore, suggested that privacy and the remaining social considerations be studied in light of these associations rather than as independent themes or silos of information. In particular, privacy and control literature are closely correlated, and as such the fields of surveillance and dataveillance must be flagged as crucial in discussions surrounding privacy. Additionally, there are studies which suggest that privacy issues are closely linked to notions of trust and perceived risk in the minds of users [444849], thereby affecting a user’s decision to engage with LBS providers and technologies. It is commonly acknowledged in LBS privacy literature that resolutions will seek consensus between issues of privacy, security, control, risk, and trust—all of which must be technologically supported.

16.3.4 Personal Safety and Physical Security

LBS applications are often justified as valid means of maintaining personal safety, ensuring physical security and generally avoiding dangerous circumstances, through solutions that can be utilized for managing emergencies, tracking children, monitoring individuals suffering from illness or disability, and preserving security in employment situations. Researchers have noted that safety and security efforts may be enhanced merely through knowledge of an individual’s whereabouts [71, p. 94], offering care applications with notable advantages [61, p. 4].

16.3.5 Applications in the Marketplace

Devices and solutions that capitalize on these facilities have thus been developed, and are now commercially available for public use. They include GPS-enabled wristwatches, bracelets, and other wearable items [59, pp. 425–426], in addition to their supportive applications that enable remote viewing or monitoring of location (and other) information. Assistive applications are one such example, such as those technologies and solutions suited to the navigation requirements of vision impaired or blind individuals [75, p. 104 (example applications are described on pp. 104–105)].

Alternative applications deliver tracking capabilities as their primary function; an example is the Australian-owned Fleetfinder PT2 Personal Tracker, which is advertised as a device capable of safeguarding children, teenagers, and the elderly [64]. These devices and applications promise “live on-demand” tracking and “a solid sense of reassurance” [15], which may be appealing for parents, carers, and individuals interested in protecting others. Advertisements and product descriptions are often emotionally charged, taking advantage of an individual’s (parent or carer) desire to maintain the safety and security of loved ones:

Your child going missing is every parent’s worst nightmare. Even if they’ve just wandered off to another part of the park the fear and panic is instant… [It] will help give you peace of mind and act as an extra set of eyes to look out for your child. It will also give them a little more freedom to play and explore safely [56].

16.3.6 Risks Versus Benefits of LBS Security and Safety Solutions

Despite such promotion and endorsement, numerous studies point to the dangers of LBS safety and security applications. Since their inception, individuals and users have voiced privacy concerns, which have been largely disregarded by proponents of the technology, chiefly vendors, given the (seemingly) voluntary nature of technology and device usage [6, p. 7]. The argument claiming technology adoption to be optional thereby placing the onus on the user is certainly weak and flawed, particularly given situations where an individual is incapable of making an informed decision regarding monitoring activities, supplementary to covert deployment options that may render monitoring activities obligatory. The consequences arising from covert monitoring are explored in [59] (refer to pp. 430–432 for implications of covert versus overt tracking of familiy member) and [1]. Covert and/or mandatory overt monitoring of minors and individuals suffering from illness is particularly problematic, raising doubt and questions in relation to the necessity of consent processes in addition to the suitability of tracking and what constitutes appropriate use.

In [59, p. 426] Mayer claims that there is a fine line between using tracking technologies, such as GPS, for safety purposes within the family context and improper use. Child tracking, for instance, has been described as a controversial area centered on the safety versus trust and privacy debate [77, p. 7]. However, the argument is not limited to issues of trust and privacy. Patel discusses the dynamics in the parent–child relationship and conveys a number of critical points in relation to wearable and embedded tracking technologies. In particular, Patel provides the legal perspective on child (teenager) monitoring [68, pp. 430–435] and other emergent issues or risks (notably linked to embedded monitoring solutions), which may be related to medical complications, psychological repercussions, and unintended or secondary use [68, pp. 444–455]. In Patel’s article, these issues are offset by an explanation of the manner in which parental fears regarding child safety, some of which are unfounded, and the role of the media in publicizing cases of this nature, fuel parents’ need for monitoring teenagers, whereas ultimately the decision to be monitored (according to the author), particularly using embedded devices, should ultimately lie with the teenager [68, pp. 437–442].

16.3.7 Safety of “Vulnerable” Individuals

Similarly, monitoring individuals with an illness or intellectual disability, such as a person with dementia wandering, raises a unique set of challenges in addition to the aforementioned concerns associated with consent, psychological issues, and misuse in the child or teenager tracking scenario. For instance, while dementia wandering and other similar applications are designed to facilitate the protection and security of individuals, they can concurrently be unethical in situations where reliability and responsiveness, amongst other factors, are in question [61, p. 7]. Based on a recent qualitative, focus group study seeking the attitudes of varied stakeholders in relation to the use of GPS for individuals with cognitive disabilities [54, p. 360], it was clear that this is an area fraught with indecisiveness as to the suitability of assistive technologies [54, p. 358]. The recommendations emerging from [54, pp. 361–364] indicate the need to “balance” safety with independence and privacy, to ensure that the individual suffering from dementia is involved in the decision to utilize tracking technologies, and that a consent process is in place, among other suggestions that are technical and devices related.

While much can be written about LBS applications in the personal safety and physical security categories, including their advantages and disadvantages, this discussion is limited to introductory material. Relevant to this chapter is the portrayal of the tensions arising from the use of solutions originally intended for protection and the resultant consequences, some of which are indeed inadvertent. That is, while the benefits of LBS are evident in their ability to maintain safety and security, they can indeed result in risks, such as the use of LBS for cyber stalking others. In establishing the need for LBS regulation, it is, therefore, necessary to appreciate that there will always be a struggle between benefits and risks relating to LBS implementation and adoption.

16.3.8 National Security

Safety and security debates are not restricted to family situations but may also incorporate, as [59, p. 437] indicates, public safety initiatives and considerations, amongst others, that can contribute to the decline in privacy. These schemes include national security, which has been regarded a priority area by various governments for over a decade. The Australian government affirms that the nation’s security can be compromised or threatened through various acts of “espionage, foreign interference, terrorism, politically motivated violence, border violations, cyber attack, organised crime, natural disasters and biosecurity events” [7]. Accordingly, technological approaches and solutions have been proposed and implemented to support national security efforts in Australia, and globally. Positioning technologies, specifically, have been adopted as part of government defense and security strategies, a detailed examination of which can be found in [60], thus facilitating increased surveillance. Surveillance schemes have, therefore, emerged as a result of the perceived and real threats to national security promoted by governments [92, p. 389], and according to [63, p. 2] have been legitimized as a means of ensuring national security, thereby granting governments “extraordinary powers that never could have been justified previously” [71, p. 94]. In [20, p. 216], Cho maintains that the fundamental question is “which is the greater sin—to invade privacy or to maintain surveillance for security purposes?”

16.3.9 Proportionality: National Security Versus Individual Privacy

The central theme surfacing in relevant LBS scholarship is that of proportionality; that is, measuring the prospective security benefits against the impending privacy- and freedom-related concerns. For example, [71, pp. 95–96] proposes the privacy–security dichotomy, as means of illustrating the need for balance between an individual’s privacy and a nation’s security, where the privacy and security elements within the model contain subcomponents that collectively contribute to amplify risk in a given context. A key point to note in view of this discussion is that while the implementation of LBS may enhance security levels, this will inevitably come at the cost of privacy [71, pp. 95–96] and freedom [61, p. 9].

Furthermore, forsaking privacy corresponds to relinquishing personal freedom, a consequential cost of heightened security in threatening situations. Such circumstances weaken the effects of invasive techniques and increase, to some degree, individuals’ tolerance to them [41, p. 12]. In particular, they “tilt the balance in favor of sacrificing personal freedom for the sake of public safety and security” [36, p. 50]. For example, Davis and Silver [35] report that the trade-off between civil liberties and privacy is often correlated with an individual’s sense of threat. In reporting on a survey of Americans post the events of September 11, 2011, the authors conclude that civil liberties are often relinquished in favor of security in high-threat circumstances [35, p. 35], in that citizens are “willing to tolerate greater limits on civil liberties” [35, p. 74]. Similarly, in a dissertation centered on the social implications of auto-ID and LBS technologies, Tootell [86] presents the Privacy, Security, and Liberty Trichotomy, as a means of understanding the interaction between the three values [86: chapter 6]. Tootell concludes that a dominant value will always exist that is unique to each individual [86, pp. 162–163].

Furthermore, researchers such as Gould [45, p. 75] have found that while people are generally approving of enhanced surveillance, they simultaneously have uncertainties regarding government monitoring. From a government standpoint, there is a commonly held and weak view that if an individual has nothing to hide, then privacy is insignificant, an argument particularly popular in relation to state-based surveillance [81, p. 746]. However, this perspective has inherent flaws, as the right to privacy should not be narrowly perceived in terms of concealment of what would be considered unfavorable activities, discussed further by [81, pp. 764–772]. Furthermore, the “civil liberties vs. security trade-off has mainly been framed as one of protecting individual rights or civil liberties from the government as the government seeks to defend the country against a largely external enemy” [35, p. 29].

Wigan and Clarke state, in relation to national security, that “surveillance systems are being developed without any guiding philosophy that balances human rights against security concerns, and without standards or guidance in relation to social impact assessment, and privacy design features” [92, p. 400]. Solove [82, p. 362] agrees that a balance can be achieved between security and liberty, through oversight and control processes that restrict prospective uses of personal data. In the current climate, given the absence of such techniques, fears of an Orwellian society dominated by intense and excessive forms of surveillance materialize. However, Clarke [27, p. 39] proposes a set of “counterveillance” principles in response to extreme forms of surveillance introduced in the name of national security, which include:

independent evaluation of technology; a moratorium on technology deployments; open information flows; justification of proposed measures; consultation and participation; evaluation; design principles; balance; independent controls; nymity and multiple identity; and rollback.

The absence of such principles creates a situation in which extremism reigns, producing a flow-on effect with potentially dire consequences in view of privacy, but also trust and control.

16.4 Solutions

16.4.1 Technological Solutions

In discussing technology and privacy in general, Krumm [52, p. 391] notes that computation-based mechanisms can be employed both to safeguard and to invade privacy. It is, therefore, valuable to distinguish between privacy-invasive technologies (PITs) and privacy-enhancing technologies (PETs). Clarke [23] examines the conflict between PITs and PETs, which are tools that can be employed to invade and protect privacy interests respectively. Technologies can invade privacy either deliberately as part of their primary purpose, or alternatively their invasive nature may emerge in secondary uses [2324, p. 209]. The aspects contributing to the privacy-invasive nature of location and tracking technologies or transactions include the awareness level of the individual, whether an individual has a choice, and the capability of performing an anonymous transaction amongst others [22]. In relation to LBS, [23] cites person-location and person-tracking systems as potential PITs that require the implementation of countermeasures, which to-date have come in the form of PETs or “counter-PITs.”

Existing studies suggest that the technological solutions (i.e., counter-PITs) available to address the LBS privacy challenge are chiefly concerned with degrading the ability to pinpoint location, or alternatively masking the identity of the user. For example, [62, p. 7] suggests that “[l]evels of privacy can be controlled by incorporating intelligent systems and customizing the amount of detail in a given geographic information system”, thus enabling the ethical use of GPS tracking systems. Similarly, other authors present models that anonymize user identity through the use of pseudonyms [14], architectures and algorithms that decrease location resolution [46], and systems that introduce degrees of obfuscation [37]. Notably, scholars such as Duckham [37, p. 7] consider location privacy protection as involving multiple strategies, citing regulatory techniques and privacy policies as supplementary strategies to techniques that are more technological in nature, such as obfuscation.

16.4.2 Need for Additional Regulatory Responses

Clarke and Wigan [31] examine the threats posed by location and tracking technologies, particularly those relating to privacy, stating that “[t]hose technologies are now well-established, yet they lack a regulatory framework.” A suitable regulatory framework for LBS (that addresses privacy amongst other social and ethical challenges) may be built on numerous approaches, including the technical approaches described in Sect. 16.4.1. Other approaches are explored by Xu et al. [95] in their quasi-experimental survey of privacy challenges relevant to push versus pull LBS. The approaches include compensation (incentives), industry self-regulation, and government regulation strategies [95, p. 143]. According to Xu et al., these “intervention strategies,” may have an impact on the privacy calculus in LBS [95, pp. 136–137]. Notably, their survey of 528 participants found that self-regulation has a considerable bearing on perceived risk for both push and pull services, whereas perceived risks for compensation and government regulation strategies vary depending on types of services. That is, compensation increases perceived benefit in the push but not the pull model and, similarly, government regulation reduces perceived privacy risk in the push-based model [95, p. 158].

It should be acknowledged that a preliminary step in seeking a solution to the privacy dilemma, addressing the identified social concerns, and proposing appropriate regulatory responses is to clearly identify and assess the privacy-invasive elements of LBS in a given context- we have used Australia as an example in this instance. Possible techniques that can be employed to identify risks and implications, and consequently possible mitigation strategies, are a Privacy Impact Assessment (PIA) or employing other novel models such as the framework of contextual integrity.

16.4.3 Privacy Impact Assessment (PIA)

A PIA can be defined as “a systematic process that identifies and evaluates, from the perspectives of all stakeholders, the potential effects on privacy of a project, initiative or proposed system or scheme, and includes a search for ways to avoid or mitigate negative privacy impacts” [2930]. The PIA tool, originally linked to technology and impact assessments [28, p. 125], is effectively a “risk management” technique that involves addressing both positive and negative impacts of a project or proposal, but with a greater focus on the latter [67, pp. 4–5].

PIAs were established and developed from 1995 to 2005, and possess a number of distinct qualities, some of which are that a PIA is focused on a particular initiative, takes a forward-looking and preventative as opposed to retrospective approach, broadly considers the various aspects of privacy (i.e., privacy of person, personal behavior, personal communication, and personal data), and is inclusive in that it accounts for the interests of relevant entities [28, pp. 124–125]. Regarding the Australian context, the development of PIAs in Australia can be observed in the work of Clarke [30] who provides an account of PIA maturity pre-2000, post-2000, and the situation in 2010.

16.4.4 Framework of Contextual Integrity

The framework of contextual integrity, introduced by [65], is an alternative approach that can be employed to assess whether LBS, as a socio-technical system, violates privacy and thus contextual integrity. An overview of the framework is provided in [65, p. 14]:

The central claim is that contextual integrity captures the meaning of privacy in relation to personal information; predicts people’s reactions to new technologies because it captures what we care about when we question, protest, and resist them; and finally, offers a way to carefully evaluate these disruptive technologies. In addition, the framework yields practical, step-by-step guidelines for evaluating systems in question, which it calls the CI Decision Heuristic and the Augmented CI Decision Heuristic.

According to Nissenbaum [65], the primary phases within the framework are: (1) explanation, which entails assessing a new system or practice in view of “context-relative informational norms” [65, p. 190], (2) evaluation, which involves “comparing altered flows in relation to those that were previously entrenched” [65, p. 190], and (3) prescription, a process based on evaluation, whereby if a system or practice is deemed “morally or politically problematic,” it has grounds for resistance, redesign or being discarded [65, p. 191]. Within these phases are distinct stages: establish the prevailing context, determine key actors, ascertain what attributes are affected, establish changes in principles of transmission, and red flag, if there are modifications in actors, attributes, or principles of transmission [65, pp. 149–150].

The framework of contextual integrity and, similarly, PIAs are relevant to this study, and may be considered as valid tools for assessing the privacy-invasive or violating nature of LBS and justifying the need for some form of regulation. This is particularly pertinent as LBS present unique privacy challenges, given their reliance on knowing the location of the target. That is, the difficulty in maintaining location privacy is amplified due to the fact that m-commerce services and mobility in general, by nature, imply knowledge of the user’s location and preferences [40, p. 463]. Therefore, it is likely that there will always be a trade-off ranging in severity. Namely, one end of the privacy continuum will demand that stringent privacy mechanisms be implemented, while the opposing end will support and justify increased surveillance practices.

16.5 Challenges

16.5.1 Relationship Between Privacy, Security, Control and Trust

A common thread in discussions relating to privacy and security implications of LBS throughout this chapter has been the interrelatedness of themes; notably, the manner in which a particular consideration is often at odds with other concerns. The trade-off between privacy/freedom and safety/security is a particularly prevalent exchange that must be considered in the use of many ICTs [36, p. 47]. In the case of LBS, it has been observed that the need for safety and security conflicts with privacy concerns, potentially resulting in contradictory outcomes depending on the nature of implementation. For example, while LBS facilitate security and timely assistance in emergency situations, they simultaneously have the potential to threaten privacy based on the ability for LBS to be employed in tracking and profiling situations [18, p. 105]. According to Casal [18, p. 109], the conflict between privacy and security, and lack of adequate regulatory frameworks, has a flow-on effect in that trust in ICTs is diminished. Trust is also affected in the family context, where tracking or monitoring activities result in lack of privacy between family members [59, p. 436]. The underlying question, according to Mayer [59, p. 435] is in relation to the power struggle between those seeking privacy versus those seeking information:

What will be the impact within families as new technologies shift the balance of power between those looking for privacy and those seeking surveillance and information?

Mayer’s [59] question alludes to the relevance of the theme of control, in that surveillance can be perceived as a form of control and influence. Therefore, it can be observed that inextricable linkages exist between several themes presented or alluded to throughout this chapter; notably privacy and security, but also the themes of control and trust. In summary, privacy protection requires security to be maintained, which in turn results in enhanced levels of control, leading to decreased levels of trust, which is a supplement to privacy [70, pp. 13–14]. The interrelatedness of themes is illustrated in Fig. 16.1.

Fig. 16.1: Relationship between control, trust, privacy, and security, after [70, p. 14]

It is thus evident that the idea of balance resurfaces, with the requirement to weigh multiple and competing themes and interests. This notion is not new with respect to location monitoring and tracking. For instance, Mayer [59, p. 437] notes, in the child tracking context, that there is the requirement to resolve numerous questions and challenges in a legal or regulatory sense, noting that “[t]he key is balancing one person’s need for privacy with another person’s need to know, but who will define this balancing point?” Issues of age, consent, and reciprocal monitoring are also significant. Existing studies on location disclosure amongst social relations afford the foundations for exploring the social and ethical challenges for LBS, whilst simultaneously appreciating technical considerations or factors. Refer to [51632424347628487].

16.6 Conclusion

This chapter has provided an examination of privacy and security with respect to location-based services. There is a pressing need to ensure LBS privacy threats are not dismissed from a regulatory perspective. Doing so will introduce genuine dangers, such as psychological, social, cultural, scientific, economic, political, and democratic harm; dangers associated with profiling; increased visibility; publically damaging revelations; and oppression [31]. Additionally, the privacy considerations unique to the “locational or mobile dimension” require educating the general public regarding disclosure and increased transparency on the part of providers in relation to collection and use of location information [11, p. 15]. Thus, in response to the privacy challenges associated with LBS, and based on current scholarship, this research recognizes the need for technological solutions, in addition to commitment and adequate assessment or consideration at the social and regulatory levels. Specifically, the privacy debate involves contemplation of privacy policies and regulatory frameworks, in addition to technical approaches such as obfuscation and maintaining anonymity [37, p. 7]. That is, privacy-related technical solutions must also be allied with supportive public policy and socially acceptable regulatory structures.

For additional readings relevant to LBS and privacy, which include an adequate list of general references for further investigation, refer to [17] on privacy challenges relevant to privacy invasive geo-mash-ups, the inadequacy of information privacy laws and potential solutions in the form of technological solutions, social standards and legal frameworks; [12] report submitted to the Office of the Privacy Commissioner of Canada, focused on mobile surveillance, the privacy dangers, and legal consequences; and [57] report to the Canadian Privacy Commissioner dealing with complementary issues associated with mobility, location technologies, and privacy.

Based on the literature presented throughout this chapter, a valid starting point in determining the privacy-invasive nature of specific LBS applications is to review and employ the available solution(s). These solutions or techniques are summarized in Table 16.1, in terms of the merits and benefits of each approach and the extent to which they offer means of overcoming or mitigating privacy-related risks. The selection of a particular technique is dependent on the context or situation in question. Once the risks are identified it is then possible to develop and select an appropriate mitigation strategy to reduce or prevent the negative implications of utilizing certain LBS applications. This chapter is intended to provide a review of scholarship in relation to LBS privacy and security, and should be used as the basis for future research into the LBS privacy dilemma, and related regulatory debate.

Table 16.1 Summary of solutions and techniques

Solution/Technique | Merits | Limitations

Technological mechanisms

• Provide location obfuscation and anonymity in required situations

• Myriad of solutions available depending on level of privacy required

• In-built mechanisms requiring limited user involvement

• Unlike regulatory solutions, technological solutions encourage industry development

• Result in degradation in location quality/resolution

Regulatory mechanisms

• Variety of techniques available, such as industry self-regulation and government legislation

• Can offer legal protection to individuals in defined situations/scenarios

• Can be limiting in terms of advancement of LBS industry

Impact assessments, contextual frameworks, and internal policies

• Provide proactive approach in identifying privacy (and related) risks

• Used to develop suitable mitigation strategies

• Preventative and inclusive in nature

• Tend to be skewed in focus, focusing primarily on negative implications

• Can be limiting in terms of advancement of LBS industry


1. Abbas R, Michael K, Michael MG, Aloudat A (2011) Emerging forms of covert surveillance using GPS-enabled devices. J Cases Inf Technol (JCIT) 13(2):19–33

2. Aloudat A (2012) ‘Privacy Vs Security in national emergencies. IEEE Technol Soc Mag Spring 2012:50–55

3. ALRC 2008 (2012) For your information: Australian privacy law and practice (Alrc Report 108). http://www.alrc.gov.au.ezproxy.uow.edu.au/publications/report-108. Accessed 12 Jan 2012

4. Andrejevic M (2007) Ispy: Surveillance and Power in the Interactive Era. University Press of Kansas, Lawrence

5. Anthony D, Kotz D, Henderson T (2007) Privacy in location-aware computing environments. Pervas Comput 6(4):64–72

6. Applewhite A (2002) What knows where you are? Personal safety in the early days of wireless. Pervas Comput 3(12):4–8

7. Attorney General’s Department (2012) Telecommunications interception and surveillance. http://www.ag.gov.au/Telecommunicationsinterceptionandsurveillance/Pages/default.aspx. Accessed 20 Jan 2012

8. Awad NF, Krishnan MS (2006) The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Q 30(1):13–28

9. Ayres G, Mehmood R (2010) Locpris: a security and privacy preserving location based services development framework. In: Setchi R, Jordanov I, Howlett R, Jain L (eds) Knowledge-based and intelligent information and engineering systems, vol 6279, pp 566–575

10. Bauer HH, Barnes SJ, Reichardt T, Neumann MM (2005) Driving the consumer acceptance of mobile marketing: a theoretical framework and empirical study. J Electron Commer Res 6(3):181–192

11. Bennett CJ (2006) The mobility of surveillance: challenges for the theory and practice of privacy protection. In: Paper prepared for the 2006 Meeting of the international communications association, Dresden Germany, June 2006, pp 1–20.

12. Bennett CJ, Crowe L (2005) Location-based services and the surveillance of mobility: an analysis of privacy risks in Canada. A report to the Office of the Privacy Commissioner of Canada, under the 200405 Contributions Program, June 2005. http://www.colinbennett.ca/recent-publications/reports-2/

13. Bennett CJ, Grant R (1999) Introduction. In: Bennett CJ, Grant R (eds) Visions of privacy: policy choices for the digital age. University of Toronto Press, Toronto, pp 3–16.

14. Beresford AR, Stajano F (2004) Mix zones: user privacy in location-aware services. In: Proceedings of the Second IEEE Annual conference on pervasive computing and communications workshops (PERCOMW’04) pp 127–131.

15. Brickhouse Security (2012) Lok8u GPS Child Locator. http://www.brickhousesecurity.com/child-locator.html. Accessed 9 Feb 2012

16. Brown B, Taylor AS, Izadi S, Sellen A, Kaye J, Eardley R (2007) Locating family values: a field trial of the whereabouts clock. In: UbiComp ‘07 Proceedings of the 9th international conference on Ubiquitous computing, pp 354–371.

17. Burdon M (2010) Privacy invasive geo-mashups : Privacy 2.0 and the limits of first generation information privacy laws. Univ Illinois J Law Technol Policy (1):1–50.

18. Casal CR (2004) Impact of location-aware services on the privacy/security balance. Info: J Policy Regul Strategy Telecommun Inf Media 6(2):105–111

19. Chen JV, Ross W, Huang SF (2008) Privacy, trust, and justice considerations for location-based mobile telecommunication services. Info 10(4):30–45

20. Cho G (2005) Geographic information science: mastering the legal issues. Wiley, Hoboken.

21. Clarke R (1997) Introduction to dataveillance and information privacy, and definitions of terms. http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html

22. Clarke R (1999) Relevant characteristics of person-location and person-tracking technologies. http://www.rogerclarke.com/DV/PLTApp.html

23. Clarke R (2001a) Introducing PITs and PETs: technologies affecting privacy. http://www.rogerclarke.com/DV/PITsPETs.html

24. Clarke R (2001) Person location and person tracking—technologies, risks and policy implications. Inf Technol People 14(2):206–231

25. Clarke R (2003b) Privacy on the move: the impacts of mobile technologies on consumers and citizens. http://www.anu.edu.au/people/Roger.Clarke/DV/MPrivacy.html

26. Clarke R (2006) What’s ‘Privacy’? http://www.rogerclarke.com/DV/Privacy.html

27. Clarke R (2007a) Chapter 3. What ‘Uberveillance’ is and what to do about it. In: Michael K, Michael MG (eds) The Second workshop on the social implications of national security (from Dataveillance to Uberveillance and the Realpolitik of the Transparent Society). University of Wollongong, IP Location-Based Services Research Program (Faculty of Informatics) and Centre for Transnational Crime Prevention (Faculty of Law), Wollongong, Australia, pp 27–46

28. Clarke R (2009) Privacy impact assessment: its origins and development. Comput Law Secur Rev 25(2):123–135

29. Clarke R (2010a) An evaluation of privacy impact assessment guidance documents. http://www.rogerclarke.com/DV/PIAG-Eval.html

30. Clarke R (2010b) Pias in Australia—A work-in-progress report. http://www.rogerclarke.com/DV/PIAsAust-11.html

31. Clarke R, Wigan M (2011) You are where you’ve been: the privacy implications of location and tracking technologies. http://www.rogerclarke.com/DV/YAWYB-CWP.html

32. Consolvo S, Smith IE, Matthews T, LaMarca A, Tabert J, Powledge P (2005) Location disclosure to social relations: why, when, & what people want to share. In: CHI 2005(April), pp 2–7, Portland, Oregon, USA, pp. 81–90

33. Culnan MJ, Bies RJ (2003) Consumer privacy: balancing economic and justice considerations. J Soc Issues 59(2):323–342

34. Damiani ML, Bertino E, Perlasca P (2007) Data security in location-aware applications: an approach based on Rbac. Int. J. Inf Comput Secur 1(1/2):5–38

35. Davis DW, Silver BD (2004) Civil Liberties Vs. Security: public opinion in the context of the terrorist attacks on America. Am J Polit Sci 48(1):28–46

36. Dobson JE, Fisher PF (2003) Geoslavery. IEEE Technol Soc Mag 22(1):47–52

37. Duckham M (2008) Location privacy protection through spatial information hiding. http://www.privacy.vic.gov.au/privacy/web2.nsf/files/20th-meeting-16-july-2008-duckham-presentation/$file/pvn_07_08_duckham.pdf

38. Duckham M (2010) Moving forward: location privacy and location awareness. In: SPRINGL’10 November 2, 2010, San Jose, CA, USA, pp 1–3

39. Duckham M, Kulik L (2006) Chapter 3. location privacy and location-aware computing. In: Drummond J, Billen R, Forrest D, Joao E (eds) Dynamic and Mobile Gis: investigating change in space and time. CRC Press, Boca Raton, pp 120. http://www.geosensor.net/papers/duckham06.IGIS.pdf

40. Elliot G, Phillips N (2004) Mobile commerce and wireless computing systems. Pearson Education Limited, Great Britain 532 pp

41. FIDIS 2007, D11.5: The legal framework for location-based services in Europe. http://www.fidis.net/

42. Fusco SJ, Michael K, Aloudat A, Abbas R (2011) Monitoring people using location-based social networking and its negative impact on trust: an exploratory contextual analysis of five types of “Friend” Relationships. In: IEEE symposium on technology and society (ISTAS11), Illinois, Chicago, IEEE 2011

43. Fusco SJ, Michael K, Michael MG, Abbas R (2010) Exploring the social implications of location based social networking: an inquiry into the perceived positive and negative impacts of using LBSN between friends. In: 9th international conference on mobile business (ICMB2010), Athens, Greece, IEEE, pp 230–237

44. Giaglis GM, Kourouthanassis P, Tsamakos A (2003) Chapter IV. Towards a classification framework for mobile location-based services. In: Mennecke BE, Strader TJ (eds) Mobile commerce: technology, theory and applications. Idea Group Publishing, Hershey, US, pp 67–85

45. Gould JB (2002) Playing with fire: the civil liberties implications of September 11th. In: Public Administration Review, 62 (Special Issue: Democratic Governance in the Aftermath of September 11, 2001), pp 74–79

46. Gruteser M, Grunwald D (2003) Anonymous usage of location-based services through spatial and temporal cloaking. In: ACM/USENIX international conference on mobile systems, applications and services (MobiSys), pp 31–42

47. Iqbal MU, Lim S (2007) Chapter 16. Privacy implications of automated GPS tracking and profiling. In: Michael K, Michael MG (eds) From Dataveillance to Überveillance and the Realpolitik of the Transparent Society (Workshop on the Social Implications of National Security, 2007) University of Wollongong, IP Location-Based Services Research Program (Faculty of Informatics) and Centre for Transnational Crime Prevention (Faculty of Law), Wollongong, pp 225–240

48. Jorns O, Quirchmayr G (2010) Trust and privacy in location-based services. Elektrotechnik & Informationstechnik 127(5):151–155

49. Junglas I, Spitzmüller C (2005) A research model for studying privacy concerns pertaining to location-based services. In: Proceedings of the 38th Hawaii international conference on system sciences, pp 1–10

50. Kaasinen E (2003) User acceptance of location-aware mobile guides based on seven field studies. Behav Inf Technol 24(1):37–49

51. Kaupins G, Minch R (2005) Legal and ethical implications of employee location monitoring. In: Proceedings of the 38th Hawaii international conference on system sciences, pp 1–10

52. Krumm J (2008) A survey of computational location privacy. Pers Ubiquit Comput 13(6):391–399

53. Küpper A, Treu G (2010) Next generation location-based services: merging positioning and web 2.0. In: Yang LT, Waluyo AB, Ma J, Tan L, Srinivasan B (eds) Mobile intelligence. Wiley Inc, Hoboken, pp 213–236

54. Landau R, Werner S (2012) Ethical aspects of using GPS for tracking people with dementia: recommendations for practice. Int Psychogeriatr 24(3):358–366

55. Leppäniemi M, Karjaluoto H (2005) Factors influencing consumers’ willingness to accept mobile advertising: a conceptual model. Int. J Mobile Commun 3(3):197–213

56. Loc8tor Ltd. 2011 (2012), Loc8tor Plus. http://www.loc8tor.com/childcare/. Accessed 9 Feb 2012.

57. Lyon D, Marmura S, Peroff P (2005) Location technologies: mobility, surveillance and privacy (a Report to the Office of the Privacy Commissioner of Canada under the Contributions Program). The Surveillance Project, Queens Univeristy, Canada. www.sscqueens.org/sites/default/files/loctech.pdf

58. Mason RO (1986) Four ethcial challenges in the information age. MIS Q 10(1):4–12

59. Mayer RN (2003) Technology, families, and privacy: can we know too much about our loved ones? J Consum Policy 26:419–439

60. Michael K, Masters A (2006) The advancement of positioning technologies in defense intelligence. In: Abbass H, Essam D (eds) Applications of information systems to homeland security and defense. Idea Publishing Group, United States, pp 196–220

61. Michael K, McNamee A, Michael MG (2006) The emerging ethics of humancentric GPS tracking and monitoring. International conference on mobile business. IEEE Computer Society, Copenhagen, Denmark, pp 1–10

62. Michael K, McNamee A, Michael MG, Tootell H (2006) Location-based intelligence—modeling behavior in humans using GPS. IEEE international symposium on technology and society. IEEE, New York, United States, pp 1–8

63. Michael K, Clarke R (2012) Location privacy under dire threat as Uberveillance stalks the streets. In: Precedent (Focus on Privacy/FOI), vol 108, pp 1–8 (online version) & 24–29 (original article). http://works.bepress.com.ezproxy.uow.edu.au/kmichael/245/

64. Neltronics 2012 (2012) Fleetfinder Pt2 Personal Tracker. http://www.fleetminder.com.au/gps-systems/fleetfinder+PT2. Accessed 9 Feb 2012

65. Nissenbaum H (2010) Privacy in context: technology, policy, and the integrity of social life. Stanford Law Books, Stanford 288 pp

66. O’Connor PJ, Godar SH (2003) Chapter XIII. We know where you are: the ethics of LBS advertising. In: Mennecke BE, Strader TJ (eds) Mobile commerce: technology, theory and applications. Idea Group Publishing, Hershey, pp 245–261

67. Office of the Victorian Privacy Commissioner 2009 (2010) Privacy impact assessments: a single guide for the victorian public sector. www.privacy.vic.gov.au/privacy/web.nsf/content/guidelines. Accessed 3 March 2010

68. Patel DP (2004) Should teenagers get Lojackedt against their will? An argument for the ratification of the United Nations convention on the rights of the child. Howard L J 47(2):429–470

69. Perusco L, Michael K (2005) Humancentric applications of precise location based services. IEEE international conference on e-business engineering. IEEE Computer Society, Beijing, China, pp 409–418

70. Perusco L, Michael K (2007) Control, trust, privacy, and security: evaluating location-based services. IEEE Technol Soc Mag 26(1):4–16

71. Perusco L, Michael K, Michael MG (2006) Location-based services and the privacy-security dichotomy. In: Proceedings of the 3rd international conference on mobile computing and ubiquitous networking, London, UK. Information Processing Society of Japan, pp. 91–98

72. Privacy International 2007, Overview of Privacy. www.privacyinternational.org/article.shtml?cmd[347]=x-347-559062. Accessed 3 Dec 2009

73. Quinn MJ (2006) Ethics for the information age, 2nd edn. Pearson/Addison-Wesley, Boston 484 pp

74. Raab CD (1999) Chapter 3. From balancing to steering: new directions for data protection. In: Bennett CJ, Grant R (eds) Visions of privacy: policy choices for the digital age. University of Toronto Press, Toronto, pp 68–93

75. Raper J, Gartner G, Karimi HA, Rizos C (2007) Applications of location-based services: a selected review. J Locat Based Serv 1(2):89–111

76. Richards NM, Solove DJ (2007) Privacy’s other path: recovering the law of confidentiality. Georgetown Law J 96:123–182

77. Schreiner K (2007) Where We At? Mobile phones bring GPS to the masses. IEEE Comput Graph Appl 2007:6–11

78. Sheng H, Fui-Hoon Nah F, Siau K (2008) An experimental study on ubiquitous commerce adoption: impact of personalization and privacy concerns. J Assoc Inf Syst 9(6):344–376

79. Smith GD (2006) Private eyes are watching you: with the implementation of the E-911 Mandate, Who will watch every move you make? Federal Commun Law J 58:705–726

80. Solove DJ (2006) A taxonomy of privacy. Univ Pennsylvania Law Rev 154(3):477–557

81. Solove DJ (2007) I’ve Got Nothing to Hide’ and other misunderstandings of privacy. San Diego Law Rev 44:745–772

82. Solove DJ (2008) Data mining and the security-liberty debate. Univ Chicago Law Rev 74:343–362

83. Steinfield C (2004) The development of location based services in mobile commerce. In: Priessl B, Bouwman H, Steinfield C (eds) Elife after the Dot.Com Bust. www.msu.edu/~steinfie/elifelbschap.pdf, pp 1–15

84. Tang KO, Lin J, Hong J, Siewiorek DP, Sadeh N (2010) Rethinking location sharing: exploring the implications of social-driven vs. purpose-driven location sharing. In: UbiComp 2010, Sep 26–Sep 29, Copenhagen, Denmark, pp 1–10

85. Tatli EI, Stegemann D, Lucks S (2005) Security challenges of location-aware mobile business. In: The Second IEEE international workshop on mobile commerce and services, 2005. WMCS ‘05, pp 1–10

86. Tootell H (2007) The social impact of using automatic identification technologies and location-based services in national security. PhD Thesis, School of Information Systems and Technology, Informatics, University of Wollongong

87. Tsai JY, Kelley PG, Drielsma PH, Cranor LF, Hong J, Sadeh N (2009) Who’s Viewed You? the impact of feedback in a mobile location-sharing application. In: CHI 2009, April 3–9, 2009, Boston, Massachusetts, USA, pp 1–10

88. Wang S, Min J, Yi BK (2008) Location based services for mobiles: technologies and standards (Presentation). In: IEEE ICC 2008, Beijing, pp 1–123

89. Warren S, Brandeis L (1890) The right to privacy. Harvard Law Rev 4:193–220

90. Westin AF (1967) Privacy and freedom. Atheneum, New York 487 pp

91. Westin AF (2003) Social and political dimensions of privacy. J Social Issues 59(2):431–453

92. Wigan M, Clarke R (2006) Social impacts of transport surveillance. Prometheus 24(4):389–403

93. Wright T (2004) ‘Security. Privacy and Anonymity’, crossroads 11:1–8

94. Xu H, Luo X, Carroll JM, Rosson MB (2011) The personalization privacy paradox: an exploratory study of decision making process for location-aware marketing. Decis Support Syst 51(2011):42–52

95. Xu H, Teo HH, Tan BYC, Agarwal R (2009) The role of push-pull technology in privacy calculus: the case of location-based services. J Manage Inf Syst 26(3):135–173

Citation: Abbas R., Michael K., Michael M.G. (2015) "Location-Based Privacy, Protection, Safety, and Security." In: Zeadally S., Badra M. (eds) Privacy in a Digital, Networked World. Computer Communications and Networks. Springer, Cham, DOI: https://doi-org.ezproxy.uow.edu.au/10.1007/978-3-319-08470-1_16

Cloud computing data breaches a socio-technical review of literature


images (1).jpg

As more and more personal, enterprise and government data, services and infrastructure moves to the cloud for storage and processing, the potential for data breaches increases. Already major corporations that have outsourced some of their IT requirements to the cloud have become victims of cyber attacks. Who is responsible and how to respond to these data breaches are just two pertinent questions facing cloud computing stakeholders who have entered an agreement on cloud services. This paper reviews literature in the domain of cloud computing data breaches using a socio-technical approach. Socio-technical theory encapsulates three major dimensions- the social, the technical, and the environmental. The outcomes of the search are presented in a thematic analysis. The 7 key themes identified from the literature included: security, data availability, privacy, trust, data flow, service level agreements, and regulation. The paper considers complex issues, pre-empting the need for a better way to deal with breaches that not only affect the enterprise and cloud computing provider, but more importantly, end-users who rely on online services and have had their credentials compromised.

Section I. Introduction

Traditionally, enterprise networks were managed by internal IT staff that had access to underlying infrastructure that stored and processed organizational data. Cloud computing has emerged to overcome traditional barriers such as limited IT budgets, increased use of outdated technology and the inability of corporations to expand IT infrastructure services to users when needed [1]. Cloud computing is Internet-based infrastructure and application service delivery through a controlled and manageable environment that is provided with a pay-as-you-go agreement structure. Cloud computing has acted to lower hardware and software costs [2]. Buyya et al. [3] analogize that cloud computing is similar to utility based-services such as water, electricity, gas and telephony. Cloud computing allows for adjusting resources on an ad-hoc manner for a predefined duration with minimal management effort [4].Customers only pay for what is utilized in an affordable manner and computing requirements can be scaled down when no longer needed [3].

While cloud computing is seen as a utility, [5] state that cloud computing models are undeveloped technology structures that have immense potential for improvement. This is despite that [6] argues that cloud computing concepts are not new and models have been adopted from technologies such as time sharing mainframes, clustering and grid computing. Yet [7] elaborates that cloud computing technology is far more advanced than other technology, exceeding the regulatory environment because it transcends legal boundaries. For example, cloud computing has allowed for data to reside somewhere other than the data owner's home location [8]. There are three layers generally acknowledged “as a service” within the cloud computing context: infrastructure, platform, and software. Business customers (e.g. online merchants), may opt for one or more cloud service layers depending on the needs of their company, and the needs of end-users (i.e. the customer's customer).

A. Infrastructure as a Service

Infrastructure as a Service (IaaS) enables the cloud consumer to acquire and provision hardware infrastructure services through the use of cloud provider web interfaces [9].Through an abstraction view of the hardware, consumers are able to provision infrastructure on a pay-as-you-go basis that can be adjusted on an ad-hoc manner [10].The IaaS delivery model also provides ability to provision system images, scale storage and processing requirements and define network topologies through the cloud provider's user interface management portal [10]. The infrastructure is offered through time-shared facilities that allows storage, processing and network services to be utilized as a service [1]. According to [6, p. 44] IaaS “allows companies to essentially rent a data center environment without the need and worry to create and maintain the same data center footprint in their own company”.

B. Platform as a Service

Platform as a Service (PaaS) enables cloud customers the ability to deliver web-based applications to its users [8]. PaaS also allows cloud customers to support facilities that provide on-demand web application utilization without the need to manage underlying complex network infrastructure. According to [8, p. 49], principle characteristics of PaaS are “services to develop, test, deploy, host, and manage applications to support the application development life cycle”. The added benefits of PaaS allows cloud customers to test developed applications without the need to utilize organizationally-owned infrastructure [6].

C. Software as a Service

Software as a Service (SaaS) allows cloud customers the ability to utilize software resources through a web-based user interface [8]. The SaaS model allows cloud customers the facility of utilizing software applications without the need for them to store, process and maintain backend infrastructure and platform repositories [6]. The level of abstraction increases as cloud customers migrate from IaaS to SaaS delivery models, hence responsibility is handed to cloud providers to handle the SaaS model [11]. Furthermore [12] discuss SaaS architecture through multi-tenant utilization as it shares common resources and underlying instances of both database and object code.

Section II. Security

Several authors [13] [14] [15] agree security concerns are among one of the biggest issues that will enable growth in cloud computing services. The use of public clouds demands tighter restrictions on cloud providers to incorporate into their service models. Legal complications that cloud providers must adhere to are yet to be standardized and as a result remain the biggest obstacle to continued substantial growth of the cloud model [14]. Svantesson and Clarke [5] emphasize that the issue of security within the cloud computing context should be reviewed rigorously by potential business customers and end-users before adoption to ensure that confidentiality, integrity, availability and privacy policies are addressed by the provider.

A recent study [16] focuses on explaining the concerns over network boundaries in the cloud computing model where the risk of attacks are increased as a result of outdated security solutions. The continued usage of cloud computing will result in more devices being connected outside the traditional network boundary, which will in turn mean that the underlying data that is stored may be compromised. Similarly, [7] states whereas once a user was only allowed to log on if they were on the physical network, they can now log on from almost any device that is connected to a network connection. In traditional enterprise networks, organisations had access to security settings and configurations, whilst in the cloud computing model the network boundary is managed by the cloud provider.

Subashini and Kavitha [17, p. 3] state “guaranteeing the security of corporate data in the cloud is difficult, if not impossible”. The state of cloud security is under stress as security threats and vulnerabilities may not be noticed by the cloud customer and their end-users [18]. This in turn raises alarms for disaster recovery plans to be specified in service level agreements to avoid contract breaches. Kshetri [15] elaborates that security and privacy issues come to the fore as customers start to be concerned that data may be used without the explicit consent of the end-user. To complement the latter, [13] details further concerns such as loss of control over data via malicious or un-malicious intent, an issue that can never be completely eradicated.

A. Cloud Computing Data Security Encryption Keys

There have been numerous studies conducted seeking to secure the cloud computing model from risks and threats but this has had little impact on the overall industry [19].The outcome from [19] proposes key-based encryption through simulation modelling that allows data to be stored on cloud infrastructure, with participants accessing certain data according to their encryption key permission. To critique the former, [20] state that security mechanisms that involve encryption key solutions degrade performance levels and do not meet scalability requirements in cloud computing environments. With the issues of performance and scalability on encryption keys, Esayas [13] also elaborates that encryption keys might not meet business requirements as the effectiveness of such a technique is not suitable for all cloud computing services. Implementing security is essential in overall cloud models, although it increases overheads that diminish the return and benefits.

The influence of many industry and academic experts, state that encryption keys will pave the way for secure cloud computing, from a perpetrator and insider attack point of view. Insider breaches are becoming more common as attacks may be deliberate or simply administrative error [21]. In review, [18] detail that traditional security solutions change when enterprises adopt cloud computing and existing encryption standards are outdated for the cloud computing model, inhibiting effective use for privacy protection. The ability to overcome these issues will allow the cloud customer peace of mind with respect to data integrity and end-user confidence [22].

Another method to encryption key security is demonstrated using a simulation approach to protect data from unauthorized access and violation. The concept introduces data coloring to protect different types of data. This distorts the original data and only owners that have the same color key can view the data. Yet [13] and [20] argue that security keys are highly volatile in cloud environments, that if the decryption key is mismanaged, the data will not be able to be decrypted. To add further criticism, the data coloring security solution simulation-based approach has limitations on overall usefulness as it provides simplistic arithmetic calculations [13].

B. Disadvantages of Traditional Security Practices in Cloud

Perpetrators and insider attacks are considered high impact security threats to cloud computing. Pek et al. [23] detail security issues are not being offset by either hardware or software protocols. In assessment, [17] surveys existing traditional security solutions and believes that cloud data needs higher levels of security to overcome vulnerabilities and threats. Traditional security models such as intrusion detection systems, intrusion prevention systems and network firewalls do not effectively address the security issues that are being experienced in the cloud computing model [17].

Salah [24] introduces the proof-of-concept cloud-based network security overlay. For this simulation, Salah [24] uses security intrusion detection systems, network firewalls and anti-virus tools that are intended for cloud environments. The results demonstrate that significant cost savings can be achieved with this implementation although network latency and increased network bandwidth utilization is recorded.[25]emphasize that cloud environments are far greater in complexity and design than traditional enterprise environments. Physical and virtual machines are rapidly being deployed in data centers and the security management protocol for this environment using the traditional security methodology is dormant and unrealistic. For example, Salah [24] has not included solutions for when an intrusion has compromised a particular virtual machine, and how a cloud provider and customer should respond.This is of particular concern as [25] state that once a virtual machine has been compromised then the attacker can gain access to the lower level hypervisor of the machine.

C. Data Security Issues in Virtualised Environments

Virtualization first came on to the market in IBM mainframes through the use of its hypervisor to initiate virtual machines [21]. Virtualization concepts and technical background explanations are not being explicitly detailed to the cloud customer adding to security concerns. Sensitive data that resides on the cloud computing model are acceptable to threats and vulnerabilities using virtualization techniques [26]. A primary design issue is to denote the sensitivity of the data that is being stored and assign low and high security controls for that virtual machine. According to [23], sensitive and nonsensitive data should not be stored on the same physical machine, although this has not being publicized to cloud customers.

Data in virtualized environments according to [17] is an important topic as data location and data ownership is a key enabler to increasing trust relationships between provider and customer. To complement the former, [14] elaborate that trust can be diminished with concerns relating to data breaches. Data security breaches in virtualized environments can occur to one or many tenants that reside in a single physical machine and at times without notifications being issued to customers or consumers [14]. As many tenants reside in a single physical machine, customer data may be accessed by unauthorized personnel if the virtualized environment is compromised [27].

In [28], the definition of sensitive data relates to software configuration data, network configurations and resource allocations for virtualized environments. If we compare this with [14], they define sensitive data with respect to an individual's social information. Throughout the study, [28] state that current security measures for virtualized environments are lacking and increased prevention, detection and protection measures need to be in place. These measures include an increase in the level of policy standards and managerial say during cloud provider assessment for cloud services. [29]emphasizes that the lack of service level agreement acknowledgement during cloud provider assessment plays a pivotal role in ruling out important components of cloud services.

D. Outsourcing Sensitive Data to Virtualised Environments

When cloud customers outsource their workload to a cloud provider due to resource constraints or volatile computation requirements, [20] state that “current outsourcing practice operates in plaintext - that is, it reveals both data and computation results to the commercial public cloud”. This should be concerning to cloud customers, as they very often store data that is likely to contain sensitive information (e.g. corporate intellectual property). The management practices of data security in virtualized cloud environments according to [14] are simply inadequate for sensitive data to be stored.Rocha et al. [21] detail that system and network administrators have log-in credentials to access the virtualization management layer of the physical machine. With this level of access coupled with plaintext data, outsourcing demonstrates that virtualized cloud environments are not suitable for data storage [5].

E. Cloud Security Auditing and Certification Compliance

Standards that include auditing and certifications are considered to be inadequate for the cloud computing model [15]. To complement the former, [30] state that auditing and certifications have not been widely implemented and adopted by cloud providers. A set of security standards and best practices are being developed by the Cloud Security Alliance (CSA), although current cloud providers are yet to demonstrate enthusiasm or optimism that these will play a role in avoiding security breaches [15].

F. Billing Monitoring Security Concerns on the Cloud

The continuation of monitoring services from cloud providers offers timely and effective billing solutions for cloud customers. However, this is also a security matter, given providers need to monitor customer traffic to bill accordingly [31]. The lack of standards for monitoring services increase privacy concerns, as cloud customers cannot apply security metrics nor monitor on what is being scanned [30]. Pek et al. [23] supports accessing the management portal of the cloud computing model as integral to the overall security status and virtual environments.

G. Cloud Security Requirements and Modelling Approach

In their proposed framework modelling approach, [32] address privacy and security requirements analysis for cloud customers through a rigorous process that selects the most suitable cloud vendor. The conceptual framework incorporates different cloud computing stakeholders, iterative requirements processing and a security modelling language. The authors demonstrate the main limitation of this proposed conceptual framework is privacy being a subset requirement of security. [33]agree that the lack of service level agreement analysis during the conceptual framework process is a major contributor to ineffectively measuring cloud provider services.

Chen and Zhao [27] develop a data life cycle conceptual framework through a semantic review of current literature. The various stages address initial data generation from cloud customers to how data destruction is performed by cloud providers once a cloud service is terminated. Throughout the conceptual framework, the lack of monitoring service level agreements in respect to data location, sharing, privacy and security is of particular concern. The conceptual framework process does not provide insights into the overall compliance and regulatory status. [5]emphasize that cloud customers and end-users need to acknowledge the importance of cloud provider compliance and regulation status.

The architecture proposed by [34] is a proxy based cloud service to enable collaboration between multi-cloud consumers and providers on an ad-hoc basis. The concept allows data sharing and processing without establishing agreements or negotiation contracts and business rules. In another study, [25] elaborate the significance of establishing standard service level agreements and contracts for cloud services and how to monitor them on a continuous basis. Modi [25] also describes underlying internet protocol (IP) and proxy services vulnerabilities. Through this, attacks can include man-in-the middle, domain name system (DNS) and address resolution protocol (ARP) spoofing that can be targets for proxy based cloud models. Comparatively, [34] and [35] looked at collaboration with multi-vendor and customers clouds in an alternative way. Yang's [35] simulation involved service level agreements for customers whilst participating in cloud federation services. The measured components of the SLA had Quality of Service (QoS) attributes such as connection latency, bandwidth and threshold limits. The security that [35] incorporated in the simulation had encryption and authentication methods that were standard practice for online activities.

Yang and Jia [36] introduce their concept of enabling dynamic auditing of data that is stored on a cloud service through a conceptual framework. They define the key categories that need attention: increased confidentiality, dynamic and batch auditing. The results were compelling as decreased costs to processing these audits were achieved. The intervention through a third party auditor within the process enabled the avoidance of bias in the results. [17]emphasizes that compliance and regulatory status of cloud providers is crucial to the cloud customer. The lack of acknowledgement of [36] to include the attitude of cloud vendor participation and approval was a key difference in the studies. Cloud vendors may inevitably avoid these scenarios and lack participation for data confidentially checks.

Source: http://searchcloudprovider.techtarget.com/photostory/2240178541/What-your-customers-want-to-see-in-the-2013-cloud-marketplace/6/Security-data-protection-remain-top-cloud-computing-issues

Section III. Data Availability

A. Multiple Availability Zones

Cloud vendors that have multiple availability zones use this functionality as a method to distribute network load and offset critical services to a larger amount of geo-redundant sites. Sun et al. [26] state that replication technology is used for multiple availability zone setups to avoid data loss, although this method is prone to cross-border activities, if stored in different regulated jurisdictions. The study by [37] aimed at data availability to be effected through the use of virtualization and raised security issues. Sun et al. [26] focused on data availability through offloading services to alternative servers for load distribution. Comparatively, [37] insisted to keep high data availability applications in-house until further developments are made to the cloud computing model, although this article is now somewhat dated.

B. Enhancing Data Security to Maintain Data Availability

In the study by [38], enhanced security was achieved through the utilization of security mechanisms such as double authentication and digital signatures. Data availability was achieved by enabling the data to be securely stored and retrieved. In comparison, the study by [39], aimed to increase data availability through a two stage process: using a trusted third party to maintain visibility of the security mechanisms that are used, and using enhanced security mechanisms to protect the data. Thus, [38] proposes the solution through an experimental-based case, whereas [39] only demonstrates this through expected security tools and their capabilities. In contrast, using a literature review, [40] indicate that virtualization security is very important to data availability. With their analysis of current security mechanisms, virtualization security is under-managed and in need of enhanced management practices.

C. Data Availability Priorities

Sakr et al. [41] in their cloud computing survey, aimed to investigate cloud challenges that arise by utilizing their developed model. While they identified several advantages, such as utilization and bandwidth improvements, there were substantial drawbacks from cloud storage techniques that raised concerns. Their findings indicated that the availability of service use, highly impacts the cloud computing model, as the slightest downtime and service degradation would impact the use of the service. Similarly, the study by [42] indicates that performance delivery through the availability of the service was the most significant issue. To critique [42], findings were empirically based as compared to [41] where findings were derived from a literature survey.

Section IV. Privacy

A. Defining Information Privacy in Technology

Meanings of information privacy vary across disciplines. According to the Australian Privacy Law and Practice Report 108: “Information privacy, [is] the establishment of rules governing the collection and handling of personal data such as credit information, and medical and government records.” It is also known as data protection [43]. Information privacy can be considered an important concept when studying cloud computing. It has four sub-components [44]:

  • Psychologically: people need private space;
  • Sociologically: people need to be free to behave… but without the continual threat of being observed;
  • Economically: people need to be free to innovate; and
  • Politically: people need to be free to think and argue and act.”

It is important to note that information privacy is not only something that is important to a cloud computing business customer, but also an end-user who is likely to be an everyday consumer.

B. Technological Advances Outpace Privacy Regulation

The Australian Privacy Law and Practice Report 108 noted that the “…Privacy Act regulates the handling of personal information.” Although the Act was exclusively designed for public sector agencies, now the Information Privacy Principles (IPPs) have a broader reach [43, p. 138]. Complicating the issue of privacy, especially information privacy, is how it is interpreted, or for that matter ignored, by different legal systems.Gavison [45, p. 465] summates the problem of privacy in an ever-changing technological world when he writes: “Advances in the technology of surveillance and the recording, storage, and retrieval of information have made it either impossible or extremely costly for individuals to protect the same level of privacy that was once enjoyed.”

C. Sensitive Data Storage on Cloud Infrastructure

The EU Directive defines sensitive data as personal data that includes health records, criminal activities, or religious philosophy [14]. Similarly, [27] define e-commerce and health care systems data as sensitive. [28]defines sensitive data that includes personal attributes and security configuration files. Subashini and Kavitha [17], state that sensitive data holds value to the end-user and needs to be protected. In addition, [46] discusses that each cloud customer needs to assess suitability and evaluate the security controls that the cloud provider offers. Sun et al.'s [26] key focus is that cloud customers must first acknowledge that their sensitive data is stored on cloud computing infrastructure, and cloud providers need to assure that it is kept confidential. [15]states that cloud customers are cautious while utilizing the cloud computing model to store sensitive data. [14]state that protecting sensitive data in cloud computing is the biggest challenge for cloud customers.

Cloud customers are especially anxious about the release of their information to third party vendors, exclusive of acknowledgement [22]. Sensitive data that is stored on cloud provider infrastructure is often non-aggregated. All data is tightly coupled thus allowing stakeholders that can access the data to utilize it [47]. [17]detail that cloud customers that have non-aggregated data are vulnerable to insider breaches, as data can be taken without cloud customer acknowledgement. All non-aggregated data that can be seen as selective elements are either weakly encrypted or clearly visible. Ter [48] also discusses the importance that cloud customers need to decouple sensitive data from non-sensitive data as a minimal standard if cloud computing is utilized. The ability to process large quantities of data and query datasets at immense speed is available using cloud computing [47]. Yet this very capability raises concerns about privacy and sensitive data security mechanisms. Privacy concerns are raised as the cause for data retention, and deletion from the cloud provider with respect to virtualization techniques have not been elaborated [28].

D. EU and AUS Data Privacy

King and Raja [14] detail privacy rights that cloud customers have if they choose to store data in an EU-based cloud. It follows that cloud providers need to assure that they act according to local regulations. The complexity arises when a cloud customer in Australia, for instance, is subject to foreign laws as their data is stored in another jurisdiction [46].

Section V. Trust

Cloud providers interpret trust as either being a security or privacy issue [15]. In comparison [18] state that trust is strengthened by having tighter technical and social means to enable transparency for cloud customers. End-users of cloud computing (i.e. everyday consumers), lack trust as cloud providers limit the amount of information provided on data transfer, storage and processing to them directly. End-users may also be concerned about confidentiality [49]. A large subset of cloud end-users have concerns that their data may be used inappropriately for other purposes. Nguyen [7, p. 2205] expresses that cloud customers: “[m]aintain personal property on a third party's premises, he or she retains a reasonable expectation of privacy, even if that third party has the right to access the property for some purchases.”

A. Increasing Cloud Trust with Security Technology Solutions

Wu et al. [50] in their research, enable trust by increasing levels of security. They introduce a trusted third party to provide the secret key for encrypting data storage. This enhances the probability that consumers have higher security solutions to prevent data violation in the form of secure envelopes. This kind of solution however, incurs higher network traffic costs. In agreement [19] and [20] discuss that enhancing security encryption degrades systems performance and scalability.

The dispersion of cloud customers and data centers globally alters the current domain trust relationship as cloud customers and servers might not be in the same trusted domain [20]. In comparison with the latter, traditional methods on enabling and enhancing trust are simply unrealistic as the amount of data to process is growing exponentially [49]. Integrity mechanisms that were once used in traditional enterprise data centers focused on independent and isolated servers. The method for hashing the entire file(s) is not feasible in cloud data center technology [49]. This creates uncertainty for cloud consumers that do not have background knowledge in cloud computing. It was also found that cloud customers have little or no knowledge of trust-related issues in cloud computing.

B. Enhancing Trust from Social and Technical Perspectives

Enabling trust is notably difficult to sustain as it is dynamic in nature and subject to other factors that may influence the cloud customer's behavior [26]. The ability to improve trust using cloud computing is not solely a technical issue; it needs to include social structures [22]. Throughout, [15] describes security and privacy issues as being formed by emotions, authority and power by the individuals that use cloud computing resources.

Kshetri [15] details the importance of increasing security while lowering privacy issues by enhancing trust relationships between cloud provider and customer. To support the latter, King and Raja [14] state that security weaknesses will relate to lower consumption of cloud computing and a further decrease of customers handing off data.King and Raja [14] uphold that policymakers need to enforce standards and practices within the cloud computing industry. With respect to customer trust, [51] states that enhancing transparency with respect to security will only act to better support trust.Relating to social trust issues, [28] describe trust in relation to technological and virtualized concepts. To enable trust between virtualized systems is to overcome vulnerabilities in hardware and software design. A key security platform used in virtualized environments is the Trusted Platform Module (TPM), which is an industry standard for enabling root trust in hardware design and components [28].

Cloud customer trust concerns are likely to continue as failures in both technical and social structures of cloud computing remain unresolved [14]. Kshetri [15] states that this is conclusive and ongoing as cloud providers lack giving cloud customers adequate and meaningful information, further diminishing trust. Trusting cloud providers with corporate transactions needs better management [17]. Cloud customers with sensitive data will continue to rationalize and investigate cloud computing. Further research is required in the area of constructing regulatory frameworks that cover trust relationships between all parties in a service level agreement (SLA) [14].

C. Increasing Trust with Service Level Agreement Visibility

According to [5], cloud providers grant minimal visibility for their offered service acceptance terms and agreements. The increased response time to service deployments are critical factors for end-user acceptance. Enquiring and reading through the terms and agreements of the proposed service are dormant as most customers (and their end-users) will have not read or even become aware of the terms and agreements they sign up to [5]. King and Raja [14] state that trust will be jeopardized as privacy and security concerns continue to rise. [5], [14] and [15] discuss perceptions that trust will be further diminished as cloud providers lack the enthusiasm and impetus to address these concerns. As a result, cloud providers continue to have full authority over customer data [52]. Although this has recently changed with many suggesting mandatory data breach notification, and even commensurate penalties for untimely communications about breaches.

Section VI. Data Flow

A. Data Flow Between Multiple Jurisdictions

In network operations, data flow is essential to overall planning and lifecycle management tasks for IT departments. To understand where the data is being transferred, impacts the type of cloud computing model chosen and overall data storage techniques. Critical and sensitive data that belongs to end-users of cloud solutions may store personal information which cannot be shared with third party vendors. Fears amongst end-users of cloud computing models are greatest when cross-border data flows occur without the pre-warning of the cloud provider. Esayas [13] examined the EU Data Protection Directive, which dated back to 1995, and stated that privacy protection was rather limited to the cloud customer as data was being transferred between jurisdictions. In support, [31] detail privacy acts and regulatory bodies in various jurisdictions which clearly lack the sufficient power to withhold cloud providers the right to keep data to be transferred to another jurisdiction.

B. Cloud Infrastructure Outpacing the Legal Framework

Adrian [46] argues technology developments generally outpace privacy and regulatory issues as a key contributor to privacy concerns. This is particularly important to cloud customers as the legal framework is outdated and insufficient for current cloud computing models [46]. The ineffective use of outdated privacy laws and regulations are difficult to be tied to cross-border data flows, as foreign corporations have data ownership to the data that was transferred [5]. Complications and confusion occurs when legal frameworks become uncertain to cloud customers. To add to the severity of the problem, cloud customers are often unawares of the specific physical storage location of their data. Australia's lack of updating and enhancing of the Privacy Act 1988 is particularly problematic for cloud customers [46]. Svantesson and Clarke [5, p. 392] state that cloud computing “extends beyond mere compliance with data protection laws to encompass public expectations and policy issues that are not, or not yet, reflected in the law”.

C. Australia and EU Legal Frameworks Compared

The transfer of data over the Internet, that cloud providers perform, does not correlate to the cross-border transfer of data within the Australian Privacy Act 1988 [13]. In comparing the Australian Privacy Act 1988 and European Union (EU) Data Protection Directive 1995, [14] explicitly mentions that the EU Directive prohibits member states from cross-border data transfer activities that have below acceptable laws and regulation. In contrast, [46] mentions that conflicting judgements often occur, as enforcing these rules becomes difficult to sustain in foreign countries.

King and Raja [14] explain that EU member states have far tighter privacy laws and regulations compared to Australia when cross-border data flows come into question. The EU Directive gives cloud customers basic rights to their data, and knowledge of where their data is physically stored. Cross-border data flows out of Australia are dissimilar, as the common law is applied to these scenarios, which have far less restrictions compared to the EU Directive [52]. Simply, the EU Directive states that cross-border data flows cannot occur if foreign jurisdictions do not have the same levels of enforcement[53].

Compliance and regulations restrict certain jurisdictions from transferring data to foreign jurisdictions, the location from which the data originated and where it is being transferred [17]. With respect to the EU Directive, even if the cloud consumer is located outside the EU, the data that is generated within the EU cannot be transferred outside the EU [14]. To determine data transfer between jurisdictions is often difficult to answer as the flow of data between jurisdictions can be altered at any time without the cloud customers acknowledgement [14].

The concern for cloud customers over sensitive data is often overlooked and underestimated as cloud providers continue to transfer data to other jurisdictions. This has also raised concerns particularly with sensitive data that end-users of cloud services generate from online applications. Sensitive data that is stored within traditional enterprise networks have been controlled by authorized personnel with tight restrictions using an access-control matrix. These restrictions are both physical security as well as security solutions such as authorizations and cryptography. Regardless of data location, cloud consumers need to have control over data flow between jurisdictions [17].

D. Google Docs Privacy Policy: An Example

In their analysis of Google Docs Privacy Policy, [5] state that cloud end-users of the Google SaaS model have a minimal amount of knowledge on where their data is being transferred and processed. In complement, [53] declare that Google's service agreements bear no liability for any privacy and security of cloud end-user data. Their privacy policy does not provide fundamental information about how third party gadgets collect, manipulate and store cloud end-user data when using Google Docs [5]. This is somewhat inclusive as data residing within the EU cannot be transferred to non-EU jurisdictions even though the data owners are not EU-based residents [14]. The confusion for end-users of cloud computing is high as cross-border data flows are often not highlighted and detailed to the cloud end-user during signup of a cloud-based application. The claim made by cloud computing providers is that cross-border data flows allow for higher service guarantees to the cloud customer and their respective customers. Acceptable service level agreements for cloud consumers can be taken into consideration whilst developing cloud strategies. A unified service level agreement will help improve confidence for future cloud computing migration [54].

Section VII. Service Level Agreements

Buyya et al. [3] in their seminal study describe the importance of service level agreements in cloud computing. Service level agreements provide the needed protection between cloud provider and cloud customer. Similarly, [55] also detail that SLAs are important documents that set expectations for both the cloud customer and the provider. With cloud computing being dynamic in nature and resources being adjusted on an ad-hoc basis, [56] discuss the need for the SLA to be self-adaptable and autonomic. For uninspected service disruption to be avoided, cloud providers need to assure that service guarantees are meet in a timely fashion [57].

A. Cloud Computing Service Level Agreement Importance

The issues associated with cloud computing continue to exist and several factors considered by [17] are raised as being important. These include: service level agreements, security and privacy constraints. Service level agreements are pivotal in establishing a contract between provider and customer in the adoption of cloud computing technologies and services. Cloud customers need to be selective and to incorporate security technology and privacy prevention policies within service level agreements [2]. Interpreting SLAs on behalf of cloud customers will enable proper decisions to be made by key managerial staff. SLAs provide customers with the ability to terminate a contract if service levels are not met by the cloud provider.

B. Service Level Agreements and Negotiation Strategies

Karadsheh's[58] findings proposed a security model and SLA negotiation application process. This was derived through understanding business security requirements prior to facilitating cloud computing activities. Throughout the study, the concept was to build confidence in the enterprise by applying the right requirements. Karadsheh's[58] first point was to illustrate due diligence in the cloud provider and then apply the needed security policies, and whether the cloud provider would be able to adhere to them. The remaining component was to negotiate SLAs. Questions based on data location, privacy agreements and backup strategies were performed as measurable attributes, and if successful, a cloud provider would be selected. To complement [33] and [58] discuss the importance of understanding the SLA prior to cloud computing usage enabling all parties to set their legal and technical expectations.

C. Public Cloud Provider SLA Content Analysis Approach

Pauley [59] designed a transparency scorecard framework to measure security, privacy, auditing and SLA attributes. The scorecard framework questions were based on SLA guarantees, SLA management procedures and record of SLA usages. The scorecard was designed to allow cloud consumers the ability to note the cloud provider that best suited their application of use. Pauley's [59] approach compared cloud customer requirements with publicly available information from cloud providers and used the self-service method for analysis. In comparison, [60]analyzed cloud provider applicability with SLAs, without reference to security, privacy and audit. Qiu et al. [60] gathered SLAs from public cloud providers that had no restrictions to view their SLAs.The sample size was larger than in [59]. Qiu et al. [60] also applied the content analysis technique to analyze the data within the SLA and followed up with a case study and interview method with the cloud customer.

The findings by [59] detailed that out of six public cloud providers chosen (Google, Amazon Web Services, Microsoft Azure, IBM, Terremark, Savvis) only two scored greater than 50% in the SLA scorecard. The results were masked and the cloud providers were not identified. Qiu et al. [60] analyzed further SLA attributes than [59] providing greater insights towards the true value of SLAs for cloud computing. Some of the added attributes in the second study that proved significant were definitions of data protection policy, backup policy and regulatory compliance policy that were originally missing from the first study.

Baset [29] details the importance of understanding the variability of SLA from the cloud provider perspective. The author introduces the attributes of service guarantee, time period, granularity, exclusions, service credit and service violation monitoring. These are the key attributes that are going to be analyzed throughout the study using context analysis of the publicly available SLAs. Qiu et al.'s [60] study has additional attributes that define the obligations from both provider and customer points of view.An important finding from the study of [29], is that service violation incident reporting for all cloud providers were not available on the actual SLA, save for Amazon Compute, which had 5 (five) days of incident reporting factored. Cloud customers that stipulate acknowledgement from cloud providers that have a data breach, disruptions or security related incidents occurring are alarmingly noted as “not available” within the service level agreement. The study from [29] also indicates SLAs that were analyzed from October 2008 to April 2010, indicate that SLAs do not change and reflect actual cloud provider technology status. Baset [29] also discusses that enterprise SLAs should comprise more than just availability and performance, but also privacy, security and disaster recovery.

D. Measuring Cloud Provider Service Level Agreements

Throughout organizational use of cloud computing the important aspect of defining SLA is crucial. The service being utilized will be directly affected if the SLA does not fit the cloud consumer's requirements. In the framework that is being proposed, [61] evaluate and rank SLA attributes of cloud providers. They utilize the service measurement index (SMI) and the attributes are accountability, agility, cost, performance, assurance, security, privacy and usability. The authors extend on this concept and introduce user experiences as another attribute. This introduces the Analytical Hierarchical Process (AHP) for cloud consumers to evaluate and rank cloud customers based on the attributes of the SMI. The framework is utilized in a case study approach that consists of three cloud providers (Amazon EC2, Microsoft Azure and Rackspace). Based on the user requirements, the attributes are given a ranking matrix and results in total weight of the quality of service attributes. The final outcome of the proposed study concluded that S3 (service provider 3) anonymously given name was the best in terms of performance, although S1 (service provider 1) provides the best quality/cost ratio. To compare [29], [59], [60], [61]–introduce the known SMI and AHP frameworks that are used to evaluate and measure attributes on known metrics, rather than analyzing from an individual customer's perspective.

E. A Brief Analysis of Google Service Agreements

Svantesson and Clarke's [5] analysis of the Google Docs service terms discuss that cloud customers have very little knowledge how their data is used and where it resides.[53]also details that Google's service agreements provide no protection on both privacy and security issues for cloud customer data. With respect to cloud customer protection, [62] summates that Google's service agreements state that the Internet search giant has the right to use the content that is obtained and publicly displayed through its Google services. Google can willingly use customer data by accessing, indexing and caching without the end customer's knowledge [62]. These agreements are enforced often without the knowledge of the cloud customer or the cloud customer's customer [5].

Section VIII. Regulation

Managing cloud computing regulations in the U.S. have yet to mature and in certain circumstances lack adequate protection for cloud customer data confidentiality, integrity and availability [14]. Comparing U.S. cloud computing regulation to the EU is challenging, as the EU have tighter restrictions on what is deemed acceptable and unacceptable [14]. Current regulatory rights lack the ability to protect data that is owned by cloud customers from different jurisdictions as to the location of the data owner [18]. Conflicting regulatory rights from different jurisdictions enforce foreign laws to be applied. Adrian [46] describes that new regulation for cloud computing models are inevitably risky and costly as change would impact individual entities.Constructing new regulations would impose burdens on existing and established rights as all entities would need to learn and adapt to new regulations [46]. Similarly, imposing new regulatory laws into an ecosystem that has not yet matured can be a challenging task for all participants involved [20].

Robison's [62] discussion on United States Stored Communication Act (SCA) implies a strong and deterministic approach on legal infrastructure is simply outdated for today's technology, including cloud computing. The author describes and contrasts cloud providers to incorporate terms of service (ToS), privacy policies of the agreed service.In comparison, [7] discusses the Stored Communication Act (SCA) imposing recommendations and future frameworks. Their recommendations include: removing the remote computing services (RCS) and electronic communication services (ECS), toward the incorporation of requiring warrants, and implementing a statutory suppression remedy in the SCA. The two studies utilized the SCA as a foundation, although [62] rather intended to cooperate and provide guidelines for future use of cloud computing. Nguyen's [7] objective in his study was rather to propose the alteration of the legal infrastructure itself. Robison's [62] and Nguyen's [7] aim was to satisfy the objectives of reasoning with cloud providers and cloud customers and allow privacy protection to be strengthened. The component of removing the ECS / RCS and issuing a warrant avoids and prevents “searches from turning into fishing expeditions” [7, p. 2213]. The current court orders require less ground to impose search for data, while warrants will allow for searches that are on reasonable grounds.

Section IX. Conclusion

This paper has used a social-technical approach to review literature in the field of cloud computing. From an analysis of the technical-related works in the field of cloud computing, it is conclusive that security concerns are among the most critical issues facing stakeholders of the cloud computing value chain. It is apparent that most previous studies have focused on enhancing security technology without focusing or reviewing the actual attacks that have been successfully launched against cloud providers. This indicates that cloud data breaches are ill-defined and under-researched in cloud computing scholarly works. There are two concerns that are fundamental to cloud computing security that need further attention. The first concern is with pre-cloud computing data breach manageability and the second concern with post-cloud computing security manageability. Scholarly works have focused largely on simulating security solutions, although they have underestimated the importance of incorporating externalities within the studies. Externalities focus on government and industry related regulations which are integral components that are presently only scantly mentioned in the literature. Importantly, social, technical and environmental concerns have been largely overlooked, with works only focusing on either social-technical, technical-environmental, without reference to all three aspects of the cloud computing value chain.

The second part of this paper examined the social aspect of cloud computing and consisted of privacy and trust-based concerns in previous works. The studies found in this area, demonstrated the importance of privacy and trust within cloud computing as not only supporting continual usage of these services, but also to state concerns with utilization. At the very heart of cloud data breaches are privacy and trust. Scholarly works that were reviewed also identified issues with respect to environmental concerns; such as data flow issues, regulation and service level agreements that were either misinterpreted or missing from government statuary legislation and potential cloud provider's terms of service. It was obvious from the review of literature that a lot of research to date in the cloud computing field has focused on technical solutions than the actual social implications of cloud computing data breaches. This not only signifies the need for a balanced approach, but also specifically with respect to the social requirements, especially of cloud customers, and the end-users of cloud solutions who may not even be aware that they are using cloud services.

In terms of the environmental aspect of cloud computing, what we found is that “systems” today have not only a global reach but technology itself is sprawled over a global landscape. Cloud providers do not simply operate from one location but for the purposes of redundancy, cost, and legal boundaries could operate various components of a system scattered all over the world. It may even be impossible for the cloud provider to denote which part of a given transaction is occurring locally as opposed to across the border. Previous works, with the exception of a small number of papers, have not addressed this regulatory/ legal aspect of cloud computing. And even fewer studies, say anything significant about the vulnerability of cloud computing end-users (i.e. everyday consumers) with respect to regulation once a data breach has occurred. What happens when hackers successfully breach a cloud computing service, and the details of personal data from a cloud customer's services are stolen or leaked? Who is informed? How are they informed? When are end-users of the cloud customer notified of a breach? How is a cloud customer supported for damage to their brand by the successful security breach, and more importantly, how does a consumer of a service based on cloud infrastructure, reclaim their personal information once it has been compromised and compensated for the loss? In conclusion, there is an urgent need for research that takes a balanced approach to cloud computing data breaches and incorporates the end-user, not just the cloud provider and cloud business customer into the study. There also needs to be a balance struck between social, technical and environmental aspects covered in finding a practicable solution to security breaches as they continue to occur, for these are inevitable.


1. D. N. Chorafas, Cloud Computing Strategies, Boca Raton, Florida:Taylor & Francis Group, 2011.
2. G. Pallis, "Cloud Computing: The New Frontier of Internet Computing" in Internet Computing, IEEE, vol. 14, pp. 70-73, 2010.
3. R. Buyya et al., "Cloud computing and emerging IT platforms: Vision hype and reality for delivering computing as the 5th utility", Future Generation Computer Systems, vol. 25, pp. 599-616, 2009.
4. P. Mell, T. Grance, "The NIST Definition of Cloud Computing National Institute of Standards and Technology", 2011.
5. D. Svantesson, R. Clarke, "Privacy and consumer risks in cloud computing", Computer Law & Security Review, vol. 26, pp. 391-397, 2010.
6. M. H. Hugos, D. Hulitzky, Business in the cloud: what every business needs to know about cloud computing, New York:John Wiley & Sons, 2010.
7. T. M. Nguyen, "Cloud cover: privacy protections and the Stored Communications Act in the age of cloud computing", Notre Dame Law Review, vol. 86, pp. 2189.
8. J. W. Rittinghouse, J. F. Ransome, Cloud computing: implementation management and security, Boca Raton, FL:Taylor & Francis Group, 2010.
9. W. Wang et al., "Cloud-DLS: Dynamic trusted scheduling for Cloud computing", Expert Systems with Applications, vol. 39, pp. 2321-2329, 2012.
10. C. Baun et al., Cloud computing: web-based dynamic IT services, Berlin/Heidelberg:Springer, 2011.
11. J. R. Winkler, Securing the cloud: cloud computing security techniques and tactics, Burlington, MA:Elsevier, 2011.
12. B. R. Rimal, N. Antonopoulos, L. Gillam et al., "Chapter 2. A Taxonomy Survey and Issues of Cloud Computing Ecosystems" in Cloud Computing: Principles Systems and Applications, ed London, UK:Springer-Verlag, pp. 21-46, 2010.
13. S. Y. Esayas, "A walk in to the cloud and cloudy it remains: The challenges and prospects of ‘processing’ and ‘transferring’ personal data", Computer Law & Security Review, vol. 28, pp. 662-678, 2012.
14. N. J. King, V. T. Raja, "Protecting the privacy and security of sensitive customer data in the cloud", Computer Law & Security Review, vol. 28, pp. 308-319, 2012.
15. N. Kshetri, "Privacy and security issues in cloud computing: The role of institutions and institutional evolution", Telecommunications Policy, vol. 37, pp. 372-386, 2013.
16. R. Oppliger, "Security and privacy in an online world", Computer, vol. 44, pp. 21, 2011.
17. S. Subashini, V. Kavitha, "A survey on security issues in service delivery models of cloud computing", Journal of Network and Computer Applications, vol. 34, pp. 1-11, 2011.
18. H. Takabi et al., "Security and Privacy Challenges in Cloud Computing Environments", IEEE Security & Privacy, vol. 8, pp. 24-31, 2010.
19. M. Zhou et al., "Privacy enhanced data outsourcing in the cloud", Journal of Network and Computer Applications, vol. 35, pp. 1367-1373, 2012.
20. K. Ren et al., "Security Challenges for the Public Cloud", IEEE Internet Computing, vol. 16, no. 00, pp. 69-73, 2012.
21. F. Rocha et al., "The Final Frontier: Confidentiality and Privacy in the Cloud", Computer, vol. 44, pp. 44-50, 2011.
22. J. Hwang, D. Li, "Trusted cloud computing (or) controlling the cloud?", Computer Law & Security Review, vol. 14, pp. 14-22.
23. G. Pek et al., "A survey of security issues in hardware virtualization", ACM Computing Surveys, vol. 45, pp. 1-34, 2013.
24. K. Salah et al., "Using Cloud Computing to Implement a Security Overlay Network" in Security & Privacy, IEEE, vol. 11, pp. 44-53, 2013.
25. C. Modi et al., "A survey on security issues and solutions at different layers of Cloud computing", The Journal of Supercomputing, vol. 63, pp. 561-592, 2013.
26. D. Sun et al., "Surveying and Analyzing Security Privacy and Trust Issues in Cloud Computing Environments", Procedia Engineering, vol. 15, pp. 2852-2856, 2011.
27. D. Chen, H. Zhao, "Data Security and Privacy Protection Issues in Cloud Computing", Proceedings of the 2012 International Conference on Computer Science and Electronics Engineering (ICCSEE), 2012.
28. M. Pearce et al., "Virtualization: Issues security threats and solutions", ACM Comput. Surv., vol. 45, pp. 1-39, 2013.
29. S. A. Baset, "Cloud SLAs: present and future", SIGOPS Oper. Syst. Rev., vol. 46, pp. 57-66, 2012.
30. B. Grobauer et al., "Understanding Cloud Computing Vulnerabilities" in Security & Privacy, IEEE, vol. 9, pp. 50-57, 2011.
31. G. Aceto et al., "Cloud monitoring: A survey", Computer Networks, vol. 57, pp. 2093-2115, 2013.
32. H. Mouratidis et al., "A framework to support selection of cloud providers based on security and privacy requirements", Journal of Systems and Software, vol. 86, pp. 2276-2293, 2013.
33. A. Arenas et al., "Bridging the Gap between Legal and Technical Contracts" in Internet Computing, IEEE, vol. 12, pp. 13-19, 2008.
34. M. Singhal et al., "Collaboration in multicloud computing environments: framework and security issues", Computer, vol. 46, pp. 76, 2013.
35. X. Yang et al., "A business-oriented Cloud federation model for real-time applications", Future Generation Computer Systems, vol. 28, pp. 1158-1167, 2012.
36. K. Yang, X. Jia, "Data storage auditing service in cloud computing: challenges methods and opportunities", World Wide Web, vol. 15, pp. 409-428, 2012.
37. P. Hofmann, D. Woods, "Cloud Computing: The Limits of Public Clouds for Business Applications" in Internet Computing, IEEE, vol. 14, pp. 90-93, 2010.
38. S. K. Sood, "A combined approach to ensure data security in cloud computing", Journal of Network and Computer Applications, vol. 35, pp. 1831-1838, 2012.
39. D. Zissis, D. Lekkas, "Addressing cloud computing security issues", Future Generation Computer Systems, vol. 28, pp. 583-592, 2012.
40. H. Y. Tsai et al., "Threat as a Service?: Virtualization's Impact on Cloud Security", IT Professional, vol. 14, pp. 32-37, 2012.
41. S. Sakr et al., "A Survey of Large Scale Data Management Approaches in Cloud Environments" in Communications Surveys & Tutorials, IEEE, vol. 13, pp. 311-336, 2011.
42. A. Benlian, T. Hess, "Opportunities and risks of software-as-a-service: Findings from a survey of IT executives", Decision Support Systems, vol. 52, pp. 232-246, 2011.
43. "For Your Information: Australian Privacy Law and Practice", ALRC Report 108, 2008.
44. R. Clarke, "What's Privacy?", 2006, [online] Available: www.rogerclarke.com.
45. R. Gavison, "Privacy and the Limits of Law", The Yale Law Journal, vol. 89, pp. 421-471, 1980.
46. A. Adrian, "How much privacy do clouds provide? An Australian perspective", Computer Law & Security Review, vol. 29, pp. 48-57, 2013.
47. H. Wang, "Privacy-Preserving Data Sharing in Cloud Computing", Journal of Computer Science & Technology, vol. 25, pp. 401-414, 2010.
48. K. L. Ter, "Singapore's Personal Data Protection legislation: Business perspectives", Computer Law & Security Review, vol. 29, pp. 264-273, 2013.
49. Z. Xiao, Y. Xiao, "Security and Privacy in Cloud Computing", IEEE Communications Surveys & Tutorials, vol. 15, pp. 843-859, 2013.
50. W. Wu et al., "How to achieve non-repudiation of origin with privacy protection in cloud computing", Journal of Computer and System Sciences, vol. 79, pp. 1200.
51. N. Ismail, "Cursing the Cloud (or) Controlling the Cloud?", Computer Law & Security Review, vol. 27, pp. 250-257, 2011.
52. A. Gray, "Conflict of laws and the cloud", Computer Law & Security Review, vol. 29, pp. 58-65, 2013.
53. N. Kshetri, S. Murugesan, "Cloud Computing and EU Data Privacy Regulations", Computer, vol. 46, pp. 86-89, 2013.
54. Y. Wei, M. B. Blake, "Service-Oriented Computing and Cloud Computing: Challenges and Opportunities", IEEE Internet Computing, vol. 14, pp. 72-75, 2010.
55. V. Kumar, P. Pradhan, "Role of Service Level Agreements in SaaS Business Scenario", IUP Journal of Information Technology, vol. 9, pp. 64-76, 2013.
56. A. Kertesz et al., "An interoperable and self-adaptive approach for SLA-based service virtualization in heterogeneous Cloud environments", Future Generation Computer Systems, vol. 32, pp. 54-68, 2014.
57. A. G. Garcia et al., "SLA-driven dynamic cloud resource management", Future Generation Computer Systems, vol. 31, pp. 1-11, 2014.
58. L. Karadsheh, "Applying security policies and service level agreement to IaaS service model to enhance security and transition", Computers & Security, vol. 31, pp. 315-326, 2012.
59. W. A. Pauley, "Cloud Provider Transparency: An Empirical Evaluation" in Security & Privacy, IEEE, vol. 8, pp. 32-39, 2010.
60. M. M. Qiu et al., "Systematic Analysis of Public Cloud Service Level Agreements and Related Business Values", presented at the Proceedings of the 2013 IEEE International Conference on Services Computing, 2013.
61. S. K. Garg et al., "A framework for ranking of cloud computing services", Future Generation Computer Systems, vol. 29, pp. 1012-1023, 2013.
62. W. Robison, "Free at what cost?: Cloud computing privacy under the stored communications act", Georgetown Law Journal, vol. 98, pp. 1195-1239, 2010.

Citation: David Kolevski, Katina Michael, "Cloud computing data breaches a socio-technical review of literature", 2015 International Conference on Green Computing and Internet of Things (ICGCIoT), 8-10 Oct. 2015, Noida, India, DOI: 10.1109/ICGCIoT.2015.7380702

Using a Social-Ethical Framework to Evaluate Location-Based Services



The idea for an Internet of Things has matured since its inception as a concept in 1999. People today speak openly of a Web of Things and People, and even more broadly of an Internet of Everything. As our relationships become more and more complex and enmeshed, through the use of advanced technologies, we have pondered on ways to simplify flows of communications, to collect meaningful data, and use them to make timely decisions with respect to optimisation and efficiency. At their core, these flows of communications are pathways to registers of interaction, and tell the intricate story of outputs at various units of analysis- things, vehicles, animals, people, organisations, industries, even governments. In this trend toward evidence-based enquiry, data is the enabling force driving the growth of IoT infrastructure. This paper uses the case of location-based services, which are integral to IoT approaches, to demonstrate that new technologies are complex in their effects on society. Fundamental to IoT is the spatial element, and through this capability, the tracking and monitoring of everything, from the smallest nut and bolt, to the largest shipping liner to the mapping of planet earth, and from the whereabouts of the minor to that of the prime minister. How this information is stored, who has access, and what they will do with it, is arguable depending on the stated answers. In this case study of location-based services we concentrate on control and trust, two overarching themes that have been very much neglected, and use the outcomes of this research to inform the development of a socio-ethical conceptual framework that can be applied to minimise the unintended negative consequences of advanced technologies. We posit it is not enough to claim objectivity through information ethics approaches alone, and present instead a socio-ethical impact framework. Sociality therefore binds together that higher ideal of praxis where the living thing (e.g. human) is the central and most valued actor of a system.


Introduction 1.1. 3

Control 1.2. 4

Surveillance 1.2.1. 5

Common surveillance metaphors 1.2.2. 5

Applying surveillance metaphors to LBS 1.2.3. 7

‘Geoslavery’ 1.2.4. 7

From state-based to citizen level surveillance 1.2.5. 7

Dataveillance 1.2.6. 8

Risks associated with dataveillance 1.2.7. 8

Loss of control 1.2.8. 8

Studies focussing on user requirements for control 1.2.9. 10

Monitoring using LBS: control versus care? 1.2.10. 10

Sousveillance 1.2.11. 11

Sousveillance, ‘reflectionism’ and control 1.2.12. 11

Towards überveillance 1.2.13. 12

Implications of überveillance on control 1.2.14. 13

Comparing the different forms of ‘veillance’ 1.2.15. 14

Identification 1.2.16. 14

Social sorting 1.2.17. 15

Profiling 1.2.18. 15

Digital personas and dossiers 1.2.19. 15

Trust 1.3. 16

Trust in the state 1.3.1. 17

Balancing trust and privacy in emergency services 1.3.2. 17

Trust-related implications of surveillance in the interest of national security 1.3.3. 17

Need for justification and cultural sensitivity 1.3.4. 18

Trust in corporations/LBS/IoT providers 1.3.5. 19

Importance of identity and privacy protection to trust 1.3.6. 19

Maintaining consumer trust 1.3.7. 20

Trust in individuals/others 1.3.8. 20

Consequences of workplace monitoring 1.3.9. 20

Location-monitoring amongst friends 1.3.10. 21

Location tracking for protection 1.3.11. 21

LBS/IoT is a ‘double-edged sword’ 1.3.12. 22

Discussion 1.4. 22

The Internet of Things (IoT) and LBS: extending the discussion on control and trust 1.4.1. 22

Control- and trust-related challenges in the IoT 1.4.2. 23

Ethical analysis: proposing a socio-ethical conceptual framework 1.4.3. 24

The need for objectivity 1.4.4. 25

Difficulties associated with objectivity 1.4.5. 26

Conclusion 1.5. 27


Introduction 1.1

Locative technologies are a key component of the Internet of Things (IoT). Some scholars go so far as to say it is the single most important component that enables the monitoring and tracking of subjects and objects. Knowing where something or someone is, is of greater importance than knowing who they are because it or they can be found, independent of what or who they are. Location also grants us that unique position on the earth’s surface, providing for us one of the vital pieces of information forming the distance, speed, time matrix. A unique ID, formed around an IP address in an IoT world, presents us with the capability to label every living and non-living thing and to recollect it, adding to its history and longer term physical lifetime. But without knowing where something is, even if we have the knowledge that an action is required toward some level of maintenance, we cannot be responsive. Since the introduction of electronic databases, providing accurate records for transaction processing has been a primary aim. Today, however, we are attempting to increase visibility using high resolution geographic details, we are contextualizing events through discrete and sometimes continuous sensor-based rich audio-visual data collection, and we are observing how mobile subjects and objects interact with the built environment. We are no longer satisfied with an approach that says identify all things, but we wish to be able to recollect or activate them on demand, understand associations and affiliations, creating a digital chronicle of its history to provide insights toward sustainability.

There is thus an undue pressure on the ethical justification for social and behavioral tracking of people and things in everyday life. Solely because we have the means to do something, it does not mean we should do it. We are told that through this new knowledge gained from big data we can reduce carbon emissions, we can eradicate poverty, we can grant all people equity in health services, we can better provision for expected food shortages, utilize energy resources optimally, in short, make the world a better place. This utopian view might well be the vision that the tech sector wish to adopt as an honourable marketing strategy, but the reality of thousands of years of history tells us that technology does not necessarily on its own accord, make things better. In fact, it has often made some aspects of life, such as conflict and war, much worse through the use of modern, sophisticated advanced techniques. We could argue that IoT will allow for care-based surveillance that will bring about aid to individuals and families given needs, but the reality is that wherever people are concerned, technology may be exploited towards a means for control. Control on its own is not necessarily an evil, it all depends on how the functionality of given technologies are applied. Applied negatively the recipient of this control orientation learns distrust instead of trust which then causes a chain reaction throughout society, especially with respect to privacy and security. We need only look at the techniques espoused by some governments in the last 200 years to acknowledge that heinous crimes against humanity (e.g. democide) have been committed with new technological armaments (Rummel, 1997) to the detriment of the citizenry.                                                         

A socio-ethical framework is proposed as a starting point for seeking to understand the social implications of location services, applicable to current and future applications within IoT infrastructure. To stop at critiquing services using solely an information ethics-based approach is to fall short. Today’s converging services and systems require a greater scope of orientation to ask more generally how society may be affected at large, not just whether information is being collected, stored, and shared appropriately. To ask questions about how location services and IoT technology will directly and indirectly change society has far greater importance for the longer term vision of person-to-person and person-to-thing interactions than simply studying various attributes in a given register.

Studies addressing the social implications of emerging technologies, such as LBS, generally reflect on the risks and ethical dilemmas resulting from the implementation of a particular technology within a given social context. While numerous approaches to ethics exist, all are inextricably linked to ideas of morality, and an ability to distinguish good conduct from bad. Ethics, in simple terms, can be considered as the “study of morality” (Quinn 2006, p. 55), where morality refers to a “system of rules for guiding human conduct and principles for evaluating those rules” (Tavani 2007, p. 32). This definition is shared by Elliot and Phillips (2004, p. 465), who regard ethics as “a set of rules, or a decision procedure, or both, intended to provide the conditions under which the greatest number of human beings can succeed in ‘flourishing’, where ‘flourishing’ is defined as living a fully human life” (O'Connor and Godar 2003, p. 248).

According to the literature, there are two prominent ethical dilemmas that emerge with respect to locating a person or thing in an Internet of Things world. First, the risk of unauthorised disclosure of one’s location which is a breach of privacy; and second the possibility of increased monitoring leading to unwarranted surveillance by institutions and individuals. The socio-ethical implications of LBS in the context of IoT can therefore be explored based on these two major factors. IoT more broadly, however, can be examined by studying numerous social and ethical dilemmas from differing perspectives. Michael et al. (2006a, pp. 1-10) propose a framework for considering the ethical challenges emerging from the use of GPS tracking and monitoring solutions in the control, convenience and care usability contexts. The authors examine these contexts in view of the four ethical dimensions of privacy, accuracy, property and accessibility (Michael et al. 2006a, pp. 4-5). Alternatively, Elliot and Phillips (2004, p. 463) discuss the social and ethical issues associated with m-commerce and wireless computing in view of the privacy and access, security and reliability challenges. The authors claim that factors such as trust and control are of great importance in the organisational context (Elliot and Phillips 2004, p. 470). Similar studies propose that the major themes regarding the social implications of LBS be summarised as control, trust, privacy and security (Perusco et al. 2006; Perusco and Michael 2007). These themes provide a conceptual framework for reviewing relevant literature in a structured fashion, given that a large number of studies are available in the respective areas.

This article, in the first instance, focusses on the control- and trust-related socio-ethical challenges arising from the deployment of LBS in the context of IoT, two themes that are yet to receive comprehensive coverage in the literature. This is followed by an examination of LBS in the context of the Internet of Things (IoT), and the ensuing ethical considerations. A socio-ethical framework is proposed as a valid starting point for addressing the social implications of LBS and delivering a conceptual framework that is applicable to current LBS use cases and future applications within an Internet of Things world.

Control 1.2

Control, according to the Oxford Dictionary (2012a), refers to the “the power to influence or direct people’s behaviour or the course of events”. With respect to LBS, this theme is examined in terms of a number of important concepts, notably surveillance, dataveillance, sousveillance and überveillance scholarship.

Surveillance 1.2.1

A prevailing notion in relation to control and LBS is the idea of exerting power over individuals through various forms of surveillance. Surveillance, according to sociologist David Lyon, “is the focused, systematic and routine attention to personal details for the purposes of influence, management, protection and or direction,” although Lyon admits that there are exceptions to this general definition (Lyon 2007, p. 14). Surveillance has also been described as the process of methodically monitoring the behaviour, statements, associates, actions and/or communications of an individual or individuals, and is centred on information collection (Clarke 1997; Clarke 2005, p. 9).

The act of surveillance, according to Clarke (1988; 1997) can either take the form of personal surveillance of a specific individual or mass surveillance of groups of interest. Wigan and Clarke (2006, p. 392) also introduce the categories of object surveillance of a particular item and area surveillance of a physical enclosure. Additional means of expressing the characteristics of surveillance exist. For example, the phrase “surveillance schemes” has been used to describe the various surveillance initiatives available (Clarke 2007a, p. 28). Such schemes have been demonstrated through the use of a number of mini cases or vignettes, which include, but are not limited to, baby monitoring, acute health care, staff movement monitoring, vehicle monitoring, goods monitoring, freight interchange-point monitoring, monitoring of human-attached chips, monitoring of human-embedded chips, and continuous monitoring of chips (Clarke 2007c; Clarke 2007b, pp. 47-60). The vignettes are intended to aid in understanding the desirable and undesirable social impacts resulting from respective schemes.

Common surveillance metaphors 1.2.2

In examining the theme of control with respect to LBS, it is valuable to initially refer to general surveillance scholarship to aid in understanding the link between LBS and surveillance. Surveillance literature is somewhat dominated by the use of metaphors to express the phenomenon. A prevalent metaphor is that of the panopticon, first introduced by Jeremy Bentham (Bentham and Bowring 1843), and later examined by Michel Foucault (1977). Foucault’s seminal piece Discipline and Punish traces the history of punishment, commencing with the torture of the body in the eighteenth century, through to more modern forms of punishment targeted at the soul (Foucault 1977). In particular, Foucault’s account offers commentary on the notions of surveillance, control and power through his examination of Bentham’s panopticon, which are pertinent in analysing surveillance in general and monitoring facilitated by LBS in particular. The panopticon, or “Inspection-House” (Bentham and Bowring 1843, p. 37), refers to Bentham’s design for a prison based on the essential notion of “seeing without being seen” (p. 44). The architecture of the panopticon is as follows:

“The building is circular. The apartments of the prisoners occupy the circumference. You may call them, if you please, the cells... The apartment of the inspector occupies the centre; you may call it if you please the inspector's lodge. It will be convenient in most, if not in all cases, to have a vacant space or area all round, between such centre and such circumference.  You may call it if you please the intermediate or annular area” (Bentham and Bowring 1843, pp. 40-41).

Foucault (1977, p. 200) further illustrates the main features of the inspection-house, and their subsequent implications on constant visibility:

“By the effect of backlighting, one can observe from the tower [‘lodge’], standing out precisely against the light, the small captive shadows in the cells of the periphery. They are like so many cages, so many small theatres, in which each actor is alone, perfectly individualized and constantly visible...Full lighting and the eye of a supervisor [‘inspector’] capture better than darkness, which ultimately protected. Visibility is a trap.”

While commonly conceived as ideal for the prison arrangement, the panopticon design is applicable and adaptable to a wide range of establishments, including but not limited to work sites, hospital, schools, and/or or any establishment in which individuals “are to be kept under inspection” (Bentham and Bowring 1843, p. 37). It has been suggested, however, that the panopticon functions as a tool for mass (as opposed to personal) surveillance in which large numbers of individuals are monitored, in an efficient sense, by a small number (Clarke 2005, p. 9). This differs from the more efficient, automated means of dataveillance (to be shortly examined). In enabling mass surveillance, the panopticon theoretically allows power to be. In examining the theme of control with respect to LBS, it is valuable to initially refer to general surveillance scholarship to aid in understanding the link between LBS and surveillance. Surveillance literature is somewhat dominated by the use of metaphors to express the phenomenon. Foucault (1977, pp. 202-203) provides a succinct summary of this point:

“He who is subjected to a field of visibility, and who knows it, assumes responsibility for the constraints of power; he makes them play spontaneously upon himself; he inscribes in himself the power relation in which he simultaneously plays both roles; he becomes the principle of his own subjection.”

This self-disciplinary mechanism functions similarly, and can somewhat be paralleled, to various notions in George Orwell’s classic novel Nineteen Eighty Four (Orwell 1949), also a common reference point in surveillance literature. Nineteen Eighty Four has been particularly influential in the surveillance realm, notably due to the use of “Big Brother” as a symbol of totalitarian, state-based surveillance. Big Brother’s inescapable presence is reflected in the nature of surveillance activities. That is, that monitoring is constant and omnipresent and that “[n]othing was your own except the few cubic centimetres inside your skull” (Orwell 1949, p. 29). The oppressive authority figure of Big Brother possesses the ability to persistently monitor and control the lives of individuals, employing numerous mechanisms to exert power and control over his populace as a reminder of his unavoidable gaze.

One such mechanism is the use of telescreens as the technological solution enabling surveillance practices to be applied. The telescreens operate as a form of self-disciplinary tool by way of reinforcing the idea that citizens are under constant scrutiny (in a similar fashion to the inspector’s lodge in the panopticon metaphor). The telescreens inevitably influence behaviours, enabling the state to maintain control over actions and thoughts, and to impose appropriate punishments in the case of an offence. This is demonstrated in the following excerpt:

“It was terribly dangerous to let your thoughts wander when you were in any public place or within range of a telescreen. The smallest thing could give you away. A nervous tic, an unconscious look of anxiety, a habit of muttering to yourself – anything that carried with it the suggestion of abnormality, of having something to hide. In any case, to wear an improper expression on your face (to look incredulous when a victory was announced, for example) was itself a punishable offence” (Orwell 1949, p. 65).

The Internet of Things, with its ability to locate and determine who is or what is related to one another using a multiplicity of technologies, will enable authorities in power to infer what someone is likely to do in a given context. Past behavioural patterns, can for example, reveal a likely course of action with relatively no prediction required. IoT in all its glory will provide complete visibility- the question is what are the risks associated with providing that kind of capability to the state or private enterprise? In scenario analysis we can ponder how IoT in a given context will be used for good, how it will be used for bad, and a neutral case where it will have no effect whatsoever because the data stream will be ignored by the system owner. While IoT has been touted as the ultimate in providing great organisational operational returns, one can see how it can lend itself to location-based tracking and monitoring using a panopticon metaphor. Paper records and registers were used during World War 2 for the purposes of segregation, IoT and especially the ability to “locate on demand”, may well be used for similar types of control purposes.

Applying surveillance metaphors to LBS 1.2.3

The aforementioned surveillance metaphors can be directly applied to the case of LBS within IoT. In the first instance, it can be perceived that the exploitation of emerging technologies, such as LBS, extends the notion of the panopticon in a manner that allows for inspection or surveillance to take place regardless of geographic boundaries or physical locations. When applying the idea of the panopticon to modern technologies, Lyon suggests that “Bentham’s panopticon gives way to the electronic superpanopticon” (Lyon 2001, p. 108). With respect to LBS, this superpanopticon is not limited to and by the physical boundaries of a particular establishment, but is rather reliant on the nature and capabilities of the mobile devices used for ‘inspection’. In an article titled “The Panopticon's Changing Geography”, Dobson and Fischer (2007) also discuss progress and various manifestations of surveillance technology, specifically the panopticon, and the consequent implications on power relationships. From Bentham's architectural design, to the electronic panopticon depicted by Orwell, and contemporary forms of electronic surveillance including LBS and covert human tracking, Dobson and Fisher (2007, p. 308-311) claim that all forms of watching enable continuous surveillance either as part of their primary or secondary purpose. They compare four means of surveillance- analogue technologies as used by spies which have unlimited geographic coverage and are very expensive to own and operate, Bentham’s original panopticon where the geographic view was internal to a building, George Orwell’s big brother view which was bound by the extent of television cables, and finally human tracking systems which were limited only by the availability and granularity of cell phone towers.

A key factor in applying the panopticon metaphor to IoT is that individuals, through the use of mobile location devices and technologies, will be constantly aware of their visibility and will assume the knowledge that an ‘inspector’ may be monitoring their location and other available information remotely at any given time. Mobile location devices may similarly replace Orwell’s idea of the telescreens as Big Brother’s primary surveillance technology, resulting in a situation in which the user is aiding in the process of location data collection and thereby surveillance. This creates, as maintained by Andrejevic (2007, p. 95), a “widening ‘digital enclosure’ within which a variety of interactive devices that provide convenience and customization to users double as technologies for gathering information about them.”

‘Geoslavery’ 1.2.4

Furthermore, in extreme situations, LBS may facilitate a new form of slavery, “geoslavery”, which Dobson and Fischer (2003, pp. 47-48) reveal is “a practice in which one entity, the master, coercively or surreptitiously monitors and exerts control over the physical location of another individual, the slave. Inherent in this concept is the potential for a master to routinely control time, location, speed, and direction for each and every movement of the slave or, indeed, of many slaves simultaneously.” In their seminal work, the authors flag geoslavery as a fundamental human rights issue (Dobson and Fisher 2003, p. 49), one that has the potential to somewhat fulfil Orwell's Big Brother prophecy, differing only in relation to the sophistication of LBS in comparison to visual surveillance and also in terms of who is in control. While Orwell’s focus is on the state, Dobson and Fischer (2003, p. 51) caution that geoslavery can also be performed by individuals “to control other individuals or groups of individuals.”

From state-based to citizen level surveillance 1.2.5

Common in both Discipline and Punish and Nineteen Eighty Four is the perspective that surveillance activities are conducted at the higher level of the “establishment”; that is, institutional and/or state-based surveillance. However, it must be noted that similar notions can be applied at the consumer or citizen level. Mark Andrejevic (2007, p. 212), in his book iSpy: Surveillance and Power in the Interactive Era, terms this form of surveillance as “lateral or peer-to-peer surveillance.” This form of surveillance is characterised by “increasing public access to the means of surveillance – not just by corporations and the state, but by individuals” (Andrejevic 2007, p. 212). Similarly, Barreras and Mathur (2007, pp. 176-177) state that wireless location tracking capabilities are no longer limited to law enforcement, but are open to any interested individual. Abbas et al. (2011, pp. 20-31) further the discussion by focussing on related notions, explicitly, the implications of covert LBS-based surveillance at the community level, where technologies typically associated with policing and law enforcement are increasingly available for use by members of the community. With further reference to LBS, Dobson and Fischer (2003, p. 51) claim that the technology empowers individuals to control other individuals or groups, while also facilitating extreme activities. For instance, child protection, partner tracking and employee monitoring can now take on extreme forms through the employment of LBS (Dobson and Fisher 2003, p. 49). According to Andrejevic (2007, p. 218), this “do-it-yourself” approach assigns the act of monitoring to citizens. In essence higher degrees of control are granted to individuals thereby encouraging their participation in the surveillance process (Andrejevic 2007, pp. 218-222). It is important to understand IoT in the context of this multifaceted “watching”. IoT will not only be used by organisations and government agencies, but individuals in a community will also be granted access to information at small units of aggregated data. This has implications at a multiplicity of levels. Forces of control will be manifold.

Dataveillance 1.2.6

The same sentiments can be applied to the related, and to an extent superseding, notion of data surveillance, commonly referred to as dataveillance. Coined by Roger Clarke in the mid-eighties, dataveillance is defined as “the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons” (Clarke 1988). Clarke (2005, p. 9) maintains that this process is automated and therefore a relatively economical activity when compared with other forms of surveillance, in that dataveillance activities are centred on examination of the data trails of individuals. For example, traditional forms of surveillance rely on expensive visual monitoring techniques, whereas dataveillance is largely an economically efficient alternative (Clarke 1994; 2001d, p. 11). Visual behavioural monitoring (that is, traditional surveillance) is an issue, but is nonetheless overshadowed by the challenges associated with dataveillance, particularly with reference to personal and mass dataveillance (Clarke 2005, pp. 9-10). That is, personal dataveillance presents risks to the individual based primarily on the potential for the collected data/information to be incorrect or outdated, while mass dataveillance is risky in that it may generate suspicion amongst individuals (Albrecht & Michael, 2013).

Risks associated with dataveillance 1.2.7

Clarke’s early and influential work on “Information Technology and Dataveillance” recognises that information technology is accelerating the growth of dataveillance, which presents numerous benefits and risks (Clarke 1988, pp. 498, 505-507). Clarke lists advantages in terms of safety and government applications, while noting the dangers associated with both personal and mass dataveillance (Clarke 1988, pp. 505-507). These risks can indeed be extended or applied to the use of location and tracking technologies to perform dataveillance activities, resulting in what can be referred to as “dataveillance on the move” (Michael and Michael 2012). The specific risks include: ability for behavioural patterns to be exposed and cross-matched, potentially for revelations that may be harmful from a political and personal perspective, rise in the use of “circumstantial evidence”, transparency of behaviour resulting in the misuse of information relating to an individual’s conduct, and “actual repression of the readily locatable and trackable individual” (Clarke 2001b, p. 219). Emerging from this analysis, and that concerning surveillance and related metaphors, is the significant matter of loss of control.

Loss of control 1.2.8

Michael et al. (2006a, p. 2) state, in the context of GPS tracking, that the issue of control is a leading ethical challenge given the invasive nature of this form of monitoring. The mode of control can differ depending on the context. For instance, the business context may include control through directing or ‘pushing’ advertisements to a specific individual, and at personal/individual level could signify control in the manner of “self-direction” (Perusco et al. 2006, p. 93). Other forms of social control can also be exercised by governments and organisations (Clarke 2003b), while emerging LBS solutions intended for the consumer sector extend the notion of control to community members (Abbas et al. 2011). This is an area that has not been adequately addressed in the literature. The subsequent risks to the individual are summarised in the following passage:

“Location technologies therefore provide, to parties that have access to the data, the power to make decisions about the entity subject to the surveillance, and hence exercise control over it. Where the entity is a person, it enables those parties to make determinations, and to take action, for or against that person’s interests. These determinations and actions may be based on place(s) where the person is, or place(s) where the person has been, but also on place(s) where the person is not, or has not been” (Wigan and Clarke 2006, p. 393).

Therefore GPS and other location devices and technologies may result in decreased levels of control from the perspective of the individual being monitored. For example, in an article based on the use of scenarios to represent the social implications associated with the implementation of LBS, Perusco and Michael (2007) demonstrate the various facets of control in relation to LBS. The discussion is generally centred on the loss of control which can be experienced in numerous ways, such as when a device does not accurately operate, or when an individual constantly monitors a family member in an attempt to care for them (Perusco and Michael 2007, pp. 6-7, 10). The authors raise valuable ideas with respect to control, such as the need to understand the purpose of control, the notion of consent, and developing methods to deal with location inaccuracies amongst others (p. 14). Perusco and Michael further assert that control has a flow-on effect on other issues, such as trust for instance, with the authors questioning whether it is viable to control individuals given the likely risk that trust may be relinquished in the process (p. 13).

Concurrent with loss of control, the issue of pre-emptive control with respect to LBS is a delicate one, specifically in relation to suspected criminals or offenders. Perusco et al. (2006, p. 92) state that the punishment of a crime is typically proportionate to the committed offence, thus the notion of pre-emptive monitoring can be considered fundamentally flawed given that individuals are being punished without having committed an offence. Rather, they are suspected of being a threat. According to Clarke and Wigan (2011), a person is perceived a threat, based on their “personal associations” which can be determined using location and tracking technologies to establish the individual’s location in relation to others, and thus control them based on such details. This is where IoT fundamentally comes into play. While location information can tell us much about where an individual is at any point in time, it is IoT that will reveal the inter-relationships and frequency of interaction, and specific application of measurable transactions. IoT is that layer that will bring things to be scrutinized in new ways.  

This calls for an evaluation of LBS solutions that can be used for covert operations. Covert monitoring using LBS is often considered a useful technique, one that promotes less opposition than overt forms of monitoring, as summarised below:

“Powerful economic and political interests are seeking to employ location and tracking technologies surreptitiously, to some degree because their effectiveness is greater that way, but mostly in order to pre-empt opposition” (Clarke 2001b, p. 221).

Covert applications of LBS are increasingly available for the monitoring and tracking of social relations such as a partner or a child (Abbas et al. 2011). Regardless of whether covert or overt, using LBS for monitoring is essentially about control, irrespective of whether the act of controlling is motivated by necessity, or for more practical or supportive purposes (Perusco et al. 2006, p. 93). 

Studies focussing on user requirements for control 1.2.9

The control dimension is also significant in studies focussing on LBS users, namely, literature concerned with user-centric design, and user adoption and acceptance of LBS and related mobile solutions. In a paper focussing on understanding user requirements for the development of LBS, Bauer et al. (2005, p. 216) report on a user’s “fear” of losing control while interacting with mobile applications and LBS that may infringe on their personal life. The authors perceive loss of control to be a security concern requiring attention, and suggest that developers attempt to relieve the apprehension associated with increased levels of personalisation though ensuring that adequate levels of control are retained (Bauer et al. 2005, p. 216). This is somewhat supported by the research of Xu and Teo (2004, pp. 793-803), in which the authors suggest that there exists a relationship between control, privacy and intention to use LBS. That is, a loss of control results in a privacy breach, which in turn impacts on a user’s intention to embrace LBS.

The aforementioned studies, however, fail to explicitly incorporate the concept of value into their analyses. Due to the lack of literature discussing the three themes of privacy, value and control, Renegar et al. (2008, pp. 1-2) present the privacy-value-control (PVC) trichotomy as a paradigm beneficial for measuring user acceptance and adoption of mobile technologies. This paradigm stipulates the need to achieve harmony amongst the concepts of privacy, value and control in order for a technology to be adopted and accepted by the consumer. However, the authors note that perceptions of privacy, value and control are dependent on a number of factors or entities, including the individual, the technology and the service provider (Renegar et al. 2008, p. 9). Consequently, the outcomes of Renegar et al.’s study state that privacy does not obstruct the process of adoption but rather the latter must take into account the value proposition in addition to the amount of control granted.

Monitoring using LBS: control versus care? 1.2.10

The focus of the preceding sections has been on the loss of control, the dangers of pre-emptive control, covert monitoring, and user perspectives relating to the control dimension. However, this analysis should not be restricted to the negative implications arising from the use of LBS, but rather should incorporate both the control and care applications of LBS. For instance, while discussions of surveillance and the term in general typically invoke sinister images, numerous authors warn against assuming this subjective viewpoint. Surveillance should not be considered in itself as disagreeable. Rather, “[t]he problem has been the presumptiveness of its proponents, the lack of rational evaluation, and the exaggerations and excesses that have been permitted” (Clarke 2007a, p. 42). This viewpoint is reinforced in the work of Elliot and Phillips (2004, p. 474), and can also be applied to dataveillance.

The perspective that surveillance inevitability results in negative consequences such as individuals possessing excessive amounts of control over each other should be avoided. For instance, Lyon (2001, p. 2) speaks of the dual aspects of surveillance in that “[t]he same process, surveillance – watching over – both enables and constrains, involves care and control.”  Michael et al. (2006a) reinforce such ideas in the context of GPS tracking and monitoring. The authors claim that GPS tracking has been employed for control purposes in various situations, such as policing/law enforcement, the monitoring of parolees and sex offenders, the tracking of suspected terrorists and the monitoring of employees (Michael et al. 2006a, pp. 2-3). However, the authors argue that additional contexts such as convenience and care must not be ignored, as GPS solutions may potentially simplify or enable daily tasks (convenience) or be used for healthcare or protection of vulnerable groups (care) (Michael et al. 2006a, pp. 3-4). Perusco and Michael (2005) further note that the tracking of such vulnerable groups indicates that monitoring activities are no longer limited to those convicted of a particular offence, but rather can be employed for protection and safety purposes. Table 1 provides a summary of GPS tracking and monitoring applications in the control, convenience and care contexts, adapted from Michael et al. (2006a, pp. 2-4), identifying the potentially constructive uses of GPS tracking and monitoring.

Table 1: GPS monitoring applications in the control, convenience and care contexts, adapted from Michael et al. (2006a, pp. 2-4)

Table 1: GPS monitoring applications in the control, convenience and care contexts, adapted from Michael et al. (2006a, pp. 2-4)

It is crucial that in evaluating LBS control literature and establishing the need for LBS regulation, both the control and care perspectives are incorporated. The act of monitoring should not immediately conjure up sinister thoughts. The focus should preferably be directed to the important question of purpose or motives. Lyon (2007, p. 3) feels that purpose may exist anywhere on the broad spectrum between care and control. Therefore, as expressed by Elliot and Phillips (2004, p. 474), a crucial factor in evaluating the merit of surveillance activities and systems is determining “how they are used.” These sentiments are also applicable to dataveillance. It is helpful at this point to discuss alternative and related practices that may incorporate location information throughout the monitoring process.

Sousveillance 1.2.11

The term sousveillance, coined by Steve Mann, comes from the French terms sous which means from below, and veiller which means to watch (Mann et al. 2003, p. 332). It is primarily a form of “inverse surveillance” (Mann et al. 2003, p. 331), whereby an individual is in essence “surveilling the surveillers” (p. 332). Sousveillance is reliant on the use of wearable computing devices to capture audiovisual and sensory data (Mann 2005, p. 625). A major concern with respect to sousveillance, according to Mann (2005, p. 637), is the dissemination of the recorded data which for the purposes of this investigation, may include images of locations and corresponding geographic coordinates.

Sousveillance, ‘reflectionism’ and control 1.2.12

Relevant to the theme of control, it has been argued that sousveillance can be utilised as a form of resistance to unwarranted surveillance and control by institutions. According to Mann et al. (2003, p. 333), sousveillance is a type of reflectionism in which individuals can actively respond to bureaucratic monitoring and to an extent “neutralize surveillance”. Sousveillance can thus be employed in response to social control in that surveillance activities are reversed:

“The surveilled become sousveillers who engage social controllers (customs officials, shopkeepers, customer service personnel, security guards, etc.) by using devices that mirror those used by these social controllers” (Mann et al. 2003, p. 337).

Sousveillance differs from surveillance in that traditional surveillance activities are “centralised” and “localized.” It is dispersed in nature and “delocalized” in its global coverage (Ganascia 2010, p. 496). As such, sousveillance requires new metaphors for understanding its fundamental aspects. A useful metaphor proposed by Ganascia (2010, p. 496) for describing sousveillance is the canopticon, which can be contrasted to the panopticon metaphor. At the heart of the canopticon are the following principles:

“total transparency of society, fundamental equality, which gives everybody the ability to watch – and consequently to control – everybody else, [and] total communication, which enables everyone to exchange with everyone else” (Ganascia 2010, p. 497).

This exchange may include the dissemination of location details, thus signalling the need to incorporate sousveillance into LBS regulatory discussions. A noteworthy element of sousveillance is that it shifts the ability to control from the state/institution (surveillance) to the individual. While this can initially be perceived as an empowering feature, excessive amounts of control, if unchecked, may prove detrimental. That is, control may be granted to individuals to disseminate their location (and other) information, or the information of others, without the necessary precautions in place and in an unguarded fashion. The implications of this exercise are sinister in their extreme forms. When considered within the context of IoT, sousveillance ideals are likely compromised. Yes, I can fight back against state control and big brother with sousveillance but in doing so I unleash potentially a thousand or more little brothers, each with their capacity to (mis)use the information being gathered.

Towards überveillance 1.2.13

The concepts of surveillance, dataveillance and sousveillance have been examined with respect to their association with location services in an IoT world. It is therefore valuable, at this point, to introduce the related notion of überveillance. Überveillance, a term coined by M.G. Michael in 2006, can be described as “an omnipresent electronic surveillance facilitated by technology that makes it possible to embed surveillance devices in the human body” (Michael et al. 2006b; Macquarie Dictionary 2009, p. 1094). Überveillance combines the dimensions of identification, location and time, potentially allowing for forecasting and uninterrupted real-time monitoring (Michael and Michael 2007, pp. 9-10), and in its extreme forms can be regarded as “Big Brother on the inside looking out” (p. 10).

Überveillance is considered by several authors to be the contemporary notion that will supplant surveillance. For instance, Clarke (2007a, p. 27) suggests that the concept of surveillance is somewhat outdated and that contemporary discussions be focussed on the notion of überveillance. It has further been suggested that überveillance is built on the existing notion of dataveillance. That is, “[ü]berveillance takes that which was static or discrete in the dataveillance world, and makes it constant and embedded” (Michael and Michael 2007, p. 10). The move towards überveillance thus marks the evolution from physical, visual forms of monitoring (surveillance), through to the increasingly sophisticated and ubiquitous embedded chips (überveillance) (Michael & Michael 2010; Gagnon et al. 2013). Albrecht and McIntyre (2005) describe these embedded chips as “spychips” and were focused predominantly on RFID tracking of people through retail goods and services. They spend considerable space describing the Internet of Things concept. Perakslis and Wolk (2006) studied the social acceptance of RFID implants as a security method and Perakslis later went on to incorporate überveillance into her research into behavioural motivators and personality factors toward adoption of humancentric IoT applications.

Given that überveillance is an emerging term (Michael and Michael 2007, p. 9), diverse interpretations have been proposed. For example, Clarke (2007a) offers varying definitions of the term, suggesting that überveillance can be understood as any of the following: omni-surveillance, an apocalyptic notion that “applies across all space and all time (omnipresent), and supports some organisation that is all-seeing and even all-knowing (omniscient)”, which can be achieved through the use of embedded chips for instance (p. 33); exaggerated surveillance, referring to “the extent to which surveillance is undertaken... its justification is exaggerated” (p. 34) ; and/or meta-, supra-, or master-surveillance, which “could involve the consolidation of multiple surveillance threads in order to develop what would be envisaged by its proponents to be superior information” (p. 38). Shay et al. (2012) acknowledge:

“The pervasive nature of sensors coupled with recent advances in data mining, networking, and storage technologies creates tools and data that, while serving the public good, also create a ubiquitous surveillance infrastructure ripe for misuse. Roger Clarke’s concept of dataveillance and M.G. Michael and Katina Michael’s more recent uberveillance serve as important milestones in awareness of the growing threat of our instrumented world.”

All of these definitions indicate direct ways in which IoT applications can also be rolled-out whether it is for use of vehicle management in heavy traffic conditions, the tracking of suspects in a criminal investigation or even employees in a workplace. Disturbing is the manner in which a whole host of applications, particularly in tollways and public transportation, are being used for legal purposes without the knowledge of the driver and commuter. “Tapping” token cards is not only encouraged but mandatory at most metropolitan train stations of developed countries. Little do commuters know that the data gathered by these systems can be requested by a host of government agencies without a warrant.

Implications of überveillance on control 1.2.14

Irrespective of interpretation, the subject of current scholarly debate relates to the implications of überveillance on individuals in particular, and society in general. In an article discussing the evolution of automatic identification (auto-ID) techniques, Michael and Michael (2005) present an account of the issues associated with implantable technologies in humancentric applications. The authors note the evident trend of deploying a technology into the marketplace, prior to assessing the potential consequences (Michael and Michael 2005, pp. 22-33). This reactive approach causes apprehension in view of chip implants in particular, given the inexorable nature of embedded chips, and the fact that once the chip is accepted by the body, it is impossible to remove without an invasive surgical procedure, as summarised in the following excerpt:

“[U]nless the implant is removed within a short time, the body will adopt the foreign object and tie it to tissue. At this moment, there will be no exit strategy, no contingency plan, it will be a life enslaved to upgrades, virus protection mechanisms, and inescapable intrusion” (Michael and Michael 2007, p. 18).

Other concerns relevant to this investigation have also been raised. It is indicated that “über-intrusive technologies” are likely to leave substantial impressions on individuals, families and other social relations, with the added potential of affecting psychological well-being (Michael and Michael 2007, p. 17). Apart from implications for individuals, concerns also emerge at the broader social level that require remedies. For instance, if a state of überveillance is to be avoided, caution must be exercised in deploying technologies without due reflection of the corresponding implications. Namely, this will involve the introduction of appropriate regulatory measures, which will encompass proactive consideration of the social implications of emerging technologies and individuals assuming responsibility for promoting regulatory measures (Michael and Michael 2007, p. 20). It will also require a measured attempt to achieve some form of “balance” (Clarke 2007a, p. 43). The implications of überveillance are of particular relevance to LBS regulatory discussions, given that “overarching location tracking and monitoring is leading toward a state of überveillance” (Michael and Michael 2011, p. 2). As such, research into LBS regulation in Australia must be sensitive to both the significance of LBS to überveillance and the anticipated trajectory of the latter.

Unfortunately the same cannot be said for IoT-specific regulation. IoT is a fluid concept, and in many ways IoT is nebulous. It is made up of a host of technologies that are being integrated and are converging together over time. It is layers upon layers of infrastructure which have emerged since the inception of the first telephone lines to the cloud and wireless Internet today. IoT requires new protocols and new applications but it is difficult to point to a specific technology or application or system that can be subject to some form of external oversight. Herein lie the problems of potential unauthorised disclosure of data, or even misuse of data when government agencies require private enterprise to act upon their requests, or private enterprises work together in sophisticated ways to exploit the consumer.

Comparing the different forms of ‘veillance’ 1.2.15

Various terms ending in ‘veillance’ have been introduced throughout this paper, all of which imply and encompass the process of monitoring. Prior to delving into the dangers of this activity and the significance of LBS monitoring on control, it is helpful to compare the main features of each term. A comparison of surveillance, dataveillance, sousveillance, and überveillance is provided in Table 2.

It should be noted that with the increased use of techniques such as surveillance, dataveillance, sousveillance and überveillance, the threat of becoming a surveillance society looms. According to Ganascia (2010p. 491), a surveillance society is one in which the data gathered from the aforementioned techniques is utilised to exert power and control over others. This results in dangers such as the potential for identification and profiling of individuals (Clarke 1997), the latter of which can be associated with social sorting (Gandy 1993).

Table 2: Comparison of the different forms of ‘veillance’

Identification 1.2.16

Identity and identification are ambiguous terms with philosophical and psychological connotations (Kodl and Lokay 2001, p. 129). Identity can be perceived as “a particular presentation of an entity, such as a role that the entity plays in particular circumstances” (Clarke and Wigan 2011). With respect to information systems, human identification specifically (as opposed to object identification) is therefore “the association of data with a particular human being” (Kodl and Lokay 2001, pp. 129-130). Kodl and Lokay (2001, pp. 131-135) claim that numerous methods exist to identify individuals prior to performing a data linkage, namely, using appearance, social interactions/behaviours, names, codes and knowledge, amongst other techniques. With respect to LBS, these identifiers significantly contribute to the dangers pertaining to surveillance, dataveillance, souseveillance and überveillance. That is, LBS can be deployed to simplify and facilitate the process of tracking and be used for the collection of profile data that can potentially be linked to an entity using a given identification scheme. In a sense, LBS in their own right become an additional form of identification feeding the IoT scheme (Michael and Michael, 2013).

Thus, in order to address the regulatory concerns pertaining to LBS, it is crucial to appreciate the challenges regarding the identification of individuals. Of particularly importance is recognition that once an individual has been identified, they can be subjected to varying degrees of control. As such, in any scheme that enables identification, Kodl and Lokay (2001, p. 136) note the need to balance human rights with other competing interests, particularly given that identification systems may be exploited by powerful entities for control purposes, such as by governments to exercise social control. For an historical account of identification techniques, from manual methods through to automatic identification systems including those built on LBS see Michael and Michael (2009, pp. 43-60). It has also been suggested that civil libertarians and concerned individuals assert that automatic identification (auto-ID) technology “impinges on human rights, the right to privacy, and that eventually it will lead to totalitarian control of the populace that have been put forward since at least the 1970s” (Michael and Michael 2009, p. 364). These views are also pertinent to the notion of social sorting.

Social sorting 1.2.17

In relation to the theme of control, information derived from surveillance, dataveillance, sousveillance and überveillance techniques can also serve the purpose of social sorting, labelled by Oscar Gandy (1993, p. 1) as the “panoptic sort.” Relevant to this discussion, the information may relate to an individual’s location. In Gandy’s influential work The Panoptic Sort: A Political Economy of Personal Information, the author relies on the work of Michel Foucault and other critical theorists (refer to pp. 3-13) in examining the panoptic sort as an “antidemocratic system of control” (Gandy 1993, p. 227). According to Gandy, in this system, individuals are exposed to prejudiced forms of categorisation based on both economic and political factors (pp. 1-2). Lyon (1998, p. 94) describes the database management practices associated with social sorting, classing them a form of consumer surveillance, in which customers are grouped by “social type and location.” Such clustering forms the basis for the exclusion and marginalisation of individuals (King 2001, pp. 47-49). As a result, social sorting is presently used for profiling of individuals and in the market research realm (Bennett and Regan 2004, p. 452).

Profiling 1.2.18

Profiling “is a technique whereby a set of characteristics of a particular class of person is inferred from past experience, and data-holdings are then searched for individuals with a close fit to that set of characteristics” (Clarke 1993). The process is centred on the creation of a profile or model related to a specific individual, based on data aggregation processes (Casal 2004, p. 108). Assorted terms have been employed in labelling this profile. For instance, the model created of an individual using the data collected through dataveillance techniques has been referred to by Clarke (1997) as “the digital persona”, and is related to the “digital dossiers” idea introduced by Solove (2004, pp. 1-7). According to Clarke (1994), the use of networked systems, namely the internet, involves communicating and exposing data and certain aspects of, at times, recognisable behaviour, both of which are utilised in the creation of a personality.

Digital personas and dossiers 1.2.19

The resulting personality is referred to as the digital persona. Similarly, digital dossiers refer to the compilation of comprehensive electronic data related to an individual, utilised in the creation of the “digital person” (Solove 2004, p. 1), also referred to as “digital biographies” (Solove 2002, p. 1086). Digital biographies are further discussed by Solove (2002). In examining the need for LBS regulation throughout the globe, a given regulatory response or framework must appreciate the ease with which (past, present and future) location information can be compiled and integrated into an individual’s digital persona or dossier. Once such information is reproduced and disseminated the control implications are magnified.

With respect to the theme of control, an individual can exercise a limited amount of influence over their digital persona, as some aspects of creating an electronic personality may not be within their direct control. The scope of this article does not allow for reflection on the digital persona in great detail; however, Clarke (1994) offers a thorough investigation of the term, and associated notions such as the passive and active digital persona, in addition to the significance of the digital person to dataveillance techniques such as computer matching and profiling. However, significant to this research is the distinction between the physical and the digital persona and the resultant implications in relation to control, as summarised in the following extract:

“The physical persona is progressively being replaced by the digital persona as the basis for social control by governments, and for consumer marketing by corporations. Even from the strictly social control and business efficiency perspectives, substantial flaws exist in this approach. In addition, major risks to individuals and society arise” (Clarke 1994).

The same sentiments apply with respect to digital dossiers. In particular, Solove (2004, p. 2) notes that individuals are unaware of the ways in which their electronic data is exploited by government and commercial entities, and “lack the power to do much about it.” It is evident that profile data is advantageous for both social control and commercial purposes (Clarke 2001d, p. 12), the latter of which is associated with market research and sorting activities, which have evolved from ideas of “containment” of mobile consumer demand to the “control” model (Arvidsson 2004, pp. 456, 458-467). The control model in particular has been strengthened, but not solely driven, by emerging technologies including LBS, as explained:

“The control paradigm thus permits a tighter and more efficient surveillance that makes use of consumer mobility rather than discarding it as complexity. This ability to follow the consumer around has been greatly strengthened by new technologies: software for data mining, barcode scans, internet tracking devices, and lately location based information from mobile phones” (Arvidsson 2004, p. 467).

Social sorting, particularly for profiling and market research purposes, thus introduces numerous concerns relating to the theme of control, one of which is the ensuing consequences relating to personal privacy. This specifically includes the privacy of location information. In sum, examining the current regulatory framework for LBS in Australia, and determining the need for LBS regulation, necessitates an appreciation of the threats associated with social sorting using information derived from LBS solutions. Additionally, the benefits and risks associated with surveillance, dataveillance, sousveillance and überveillance for control must be measured and carefully contemplated in the proposed regulatory response.

Trust 1.3

Trust is a significant theme relating to LBS, given the importance of the notion to: (a) “human existence” (Perusco et al. 2006, p. 93; Perusco and Michael 2007, p. 10), (b) relationships (Lewis and Weigert 1985, pp. 968-969), (c) intimacy and rapport within a domestic relationship (Boesen et al. 2010, p. 65), and (d) LBS success and adoption (Jorns and Quirchmayr 2010, p. 152). Trust can be defined, in general terms, as the “firm belief in the reliability, truth, or ability of someone or something” (Oxford Dictionary 2012b). A definition of trust that has been widely cited in relevant literature is “the willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party” (Mayer et al. 1995, p. 712). Related to electronic relationships or transactions, the concept has been defined as the “confident reliance by one party on the behaviour of other parties” (Clarke 2001c, p. 291), and it has been suggested that in the electronic-commerce domain, in particular, trust is intimately associated with the disclosure of information (Metzger 2004).

In reviewing literature concerning trust, Fusco et al. (2011, p. 2) claim that trust is typically described as a dynamic concept falling into the categories of cognitive (evidence based), emotional (faith-based), and/or behavioural (conduct-based) trust. For further reading, the major sources on trust can be found in: Lewis and Weigert's (1985) sociological treatment of trust, the influential work of Mayer et al. (1995) and the authors’ updated work Schoorman et al. (2007) centred on organisational trust, Weckert’s (2000) comprehensive review of trust in the context of workplace monitoring using electronic devices, research on trust in electronic-commerce (refer to McKnight and Chervany 2001; Pavlou 2003; Kim et al. 2009) and mobile-commerce (see Siau and Shen 2003; Yeh and Li 2009), the work of Valachich (2003) that introduces and evaluates trust in terms of ubiquitous computing environments, Dwyer et al.’s (2007) article on trust and privacy issues in social networks, Yan and Holtmanns’ (2008) examination of issues associated with digital trust management, the work of Chen et al. (2008) covering the benefits and concerns of LBS usage including privacy and trust implications, and the research by Junglas and Spitzmüller (2005) that examines privacy and trust issues concerning LBS by presenting a research model that incorporates these aspects amongst others.

For the purpose of this paper, the varying definitions and categorisations are acknowledged. However, trust will be assessed in terms of the relationships dominating existing LBS/IoT scholarship which comprise the government-citizen relationship centred on trust in the state, the business-consumer relationship associated with trust in corporations/LBS providers, and the consumer-consumer relationship concerned with trust in individuals/others.

Trust in the state 1.3.1

Trust in the state broadly covers LBS solutions implemented by government, thus representing the government-citizen relationship. Dominating current debates and literature are LBS government initiatives in the form of emergency management schemes, in conjunction with national security applications utilising LBS, which depending on the nature of their implementation may impact on citizens’ trust in the state. These concerns are typically expressed as a trade-off between security and safety. At present there are very few examples of fully-fledged IoT systems to point to, although increasingly quasi-IoT systems are being deployed using wireless sensor networks of varying kinds, e.g. for bushfire management and for fisheries. These systems do not include a direct human stakeholder but are still relevant as they may trigger flow-on effects that do impact citizenry.

Balancing trust and privacy in emergency services 1.3.2

In the context of emergency management, Aloudat and Michael (2011, p. 58) maintain that the dominant theme between government and consumers in relation to emergency warning messages and systems is trust. This includes trust in the LBS services being delivered and in the government itself (Aloudat and Michael 2011, p. 71). While privacy is typically believed to be the leading issue confronting LBS, in emergency and life-threatening situations it is overwhelmed by trust-related challenges, given that users are generally willing to relinquish their privacy in the interest of survival (Aloudat and Michael 2010, p. 2). Furthermore, the success of these services is reliant on trust in the technology, the service, and the accuracy/reliability/timeliness of the emergency alert. On the whole, this success can be measured in terms of citizens’ confidence in their government’s ability to sensibly select and implement a fitting emergency service utilising enhanced LBS features. In a paper that examines the deployment of location services in Dutch public administration, van Ooijen and Nouwt (2009, p. 81) assess the impact of government-based LBS initiatives on the government-citizen relationship, recommending that governments employ care in gathering and utilising location-based data about the public, to ensure that citizens' trust in the state is not compromised.

Trust-related implications of surveillance in the interest of national security 1.3.3

Trust is also prevalent in discussions relating to national security. National security has been regarded a priority area for many countries for over a decade, and as such has prompted the implementation of surveillance schemes by government. Wigan and Clarke (2006, p. 392) discuss the dimension of trust as a significant theme contributing to the social acceptance of a particular government surveillance initiative, which may incorporate location and tracking of individuals and objects. The implementation of surveillance systems by the state, including those incorporating LBS, can diminish the public’s confidence in the state given the potential for such mechanisms to be perceived as a form of authoritarian control. Nevertheless, a situation where national security and safety are considered to be in jeopardy may entail (partial) acceptance of various surveillance initiatives that would otherwise be perceived objectionable. In such circumstances, trust in government plays a crucial role in determining individuals’ willingness to compromise various civil liberties. This is explained by Davis and Silver (2004, p. 35) below:

“The more people trust the federal government or law enforcement agencies, the more willing they are to allow the government leeway in fighting the domestic war on terrorism by conceding some civil liberties.”

However, in due course it is expected that such increased security measures (even if initially supported by citizens) will yield a growing gap between government and citizens, “potentially dampening citizen participation in government and with it reducing citizens’ trust in public institutions and officials” (Gould 2002, p. 77). This is so as the degree of threat and trust in government is diminishing, thus resulting in the public’s reluctance to surrender their rights for the sake of security (Sanquist et al. 2008, p. 1126). In order to build and maintain trust, governments are required to be actively engaged in developing strategies to build confidence in both their abilities and of the technology under consideration, and are challenged to recognise “the massive harm that surveillance measures are doing to public confidence in its institutions” (Wigan and Clarke 2006, p. 401). It has been suggested that a privacy impact assessment (PIA) aids in establishing trust between government and citizens (Clarke 2009, p. 129). Carefully considered legislation is an alternative technique to enhance levels of trust. With respect to LBS, governments are responsible for proposing and enacting regulation that is in the best interest of citizens, incorporating citizen concerns into this process and encouraging suitable design of LBS applications, as explained in the following quotation:

“...new laws and regulations must be drafted always on the basis of citizens’ trust in government authorities. This means that citizens trust the government to consider the issues at stake according to the needs and wishes of its citizens. Location aware services can influence citizens’ trust in the democratic society. Poorly designed infrastructures and services for storing, processing and distributing location-based data can give rise to a strong feeling of being threatened. Whereas a good design expands the feeling of freedom and safety, both in the private and in the public sphere/domain” (Beinat et al. 2007, p. 46).

One of the biggest difficulties that will face stakeholders is identifying when current LBS systems become a part of bigger IoT initiatives. Major changes in systems will require a re-evaluation of impact assessments of different types.

Need for justification and cultural sensitivity 1.3.4

Techniques of this nature will fail to be espoused, however, if surveillance schemes lack adequate substantiation at the outset, as trust is threatened by “absence of justification for surveillance, and of controls over abuses” (Wigan and Clarke 2006, p. 389). From a government perspective, this situation may prove detrimental, as Wigan and Clarke (2006, p. 401) claim that transparency and trust are prerequisites for ensuring public confidence in the state, noting that “[t]he integrity of surveillance schemes, in transport and elsewhere, is highly fragile.” Aside from adequate justification of surveillance schemes, cultural differences associated with the given context need to be acknowledged as factors influencing the level of trust citizens hold in government. As explained by Dinev et al. (2005, p. 3) in their cross-cultural study of American and Italian Internet users' privacy and surveillance concerns, “[a]ttitudes toward government and government initiatives are related to the culture’s propensity to trust.” In comparing the two contexts, Dinev et al. claim that Americans readily accept government surveillance to provide increased levels of security, whereas Italians’ low levels of trust in government results in opposing viewpoints (pp. 9-10).

Trust in corporations/LBS/IoT providers 1.3.5

Trust in corporations/LBS/IoT providers emerges from the level of confidence a user places in an organisation and their respective location-based solution(s), which may be correlated to the business-consumer relationship. In the context of consumer privacy, Culnan and Bies (2003, p. 327) assert that perceived trust in an organisation is closely linked to the extent to which an organisation's practices are aligned with its policies. A breach in this trust affects the likelihood of personal information disclosure in the future (Culnan and Bies 2003, p. 328), given the value of trust in sustaining lasting customer relationships (p. 337). Reducing this “trust gap” (Culnan and Bies 2003, pp. 336-337) is a defining element for organisations in achieving economic and industry success, as it may impact on a consumer’s decision to contemplate location data usage (Chen et al. 2008, p. 34). Reducing this gap requires that control over location details remain with the user, as opposed to the LBS provider or network operator (Giaglis et al. 2003, p. 82). Trust can thus emerge from a user’s perception that they are in command (Junglas and Spitzmüller 2005, p. 3). 

Küpper and Treu (2010, pp. 216-217) concur with these assertions, explaining that the lack of uptake of first-generation LBS applications was chiefly a consequence of the dominant role of the network operator over location information. This situation has been somewhat rectified since the introduction of GPS-enabled devices capable of determining location information without input from the network operator and higher emphasis on a user-focussed model (Bellavista et al. 2008, p. 85; Küpper and Treu 2010, p. 217). Trust, however, is not exclusively concerned with a network operator’s ability to determine location information, but also with the possible misuse of location data. As such, it has also been framed as a potential resolution to location data misappropriation, explained further by Jorns and Quirchmayr (2010, p. 152) in the following excerpt:

“The only way to completely avoid misuse is to entirely block location information, that is, to reject such services at all. Since this is not an adequate option... trust is the key to the realization of mobile applications that exchange sensitive information.”

There is much to learn from the covert and overt location tracking of large corporation on their subscribers. Increasingly, the dubious practices of retaining location information by information and communication technology giants Google, Apple and Microsoft are being reported and only small commensurate penalties being applied in countries in the European Union and Asia. Disturbing in this trend is that even smaller suppliers of location-based applications are beginning to unleash unethical (but seemingly not illegal) solutions at shopping malls and other campus-based locales (Michael & Clarke 2013).

Importance of identity and privacy protection to trust 1.3.6

In delivering trusted LBS solutions, Jorns and Quirchmayr (2010, pp. 151-155) further claim that identity and privacy protection are central considerations that must be built into a given solution, proposing an LBS architecture that integrates such safeguards. That is, identity protection may involve the use of false dummies, dummy users and landmark objects, while privacy protection generally relies on decreasing the resolution of location data, employing supportive regulatory techniques and ensuring anonymity and pseudonymity (Jorns and Quirchmayr 2010, p. 152). Similarly, and with respect to online privacy, Clarke (2001c, p. 297) suggests that an adequate framework must be introduced that “features strong and comprehensive privacy laws, and systematic enforcement of those laws.” These comments, also applicable to LBS in a specific sense, were made in the context of economic rather than social relationships, referring primarily to government and corporations, but are also relevant to trust amongst social relations.

It is important to recognise that issues of trust are closely related to privacy concerns from the perspective of users. In an article titled, “Trust and Transparency in Location-Based Services: Making Users Lose their Fear of Big Brother”, Böhm et al. (2004, pp. 1-3) claim that operators and service providers are charged with the difficult task of earning consumer trust and that this may be achieved by addressing user privacy concerns and adhering to relevant legislation. Additional studies also point to the relationship between trust and privacy, claiming that trust can aid in reducing the perceived privacy risk for users. For example, Xu et al. (2005) suggest that enhancing trust can reduce the perceived privacy risk. This influences a user's decision to disclose information, and that “service provider’s interventions including joining third party privacy seal programs and introducing device-based privacy enhancing features could increase consumers’ trust beliefs and mitigate their privacy risk perceptions” (Xu et al. 2005, p. 905). Chellappa and Sin (2005, pp. 188-189), in examining the link between trust and privacy, express the importance of trust building, which include consumer’s familiarity and previous experience with the organisation.

Maintaining consumer trust 1.3.7

The primary consideration in relation to trust in the business-consumer relationship is that all efforts be targeted at establishing and building trust in corporations and LBS/IoT providers. Once trust has been compromised, the situation cannot be repaired which is a point applicable to trust in any context. This point is explained by Kaasinen (2003, p. 77) in an interview-based study regarding user requirements in location-aware mobile applications:

“The faith that the users have in the technology, the service providers and the policy-makers should be regarded highly. Any abuse of personal data can betray that trust and it will be hard to win it back again.”

Trust in individuals/others 1.3.8

Trust in the consumer-to-consumer setting is determined by the level of confidence existing between an individual and their social relations, which may include friends, parents, other family members, employers and strangers, categories that are adapted from Levin et al. (2008, pp. 81-82). Yan and Holtmanns (2008, p. 2) express the importance of trust for social interactions, claiming that “[s]ocial trust is the product of past experiences and perceived trustworthiness.” It has been suggested that LBS monitoring can erode trust between the individual engaged in monitoring and the subject being monitored, as the very act implies that trust is lacking in a given relationship (Perusco et al. 2006, p. 93). These concerns are echoed in Michael et al. (2008). Previous studies relevant to LBS and trust generally focus on: the workplace situation, that is, trust between an employer and their employee; trust amongst ‘friends’ subscribed to a location-based social networking (LBSN) service which may include any of the predefined categories above; in addition to studies relating to the tracking of family members, such as children for instance, for safety and protection purposes and the relative trust implications.

Consequences of workplace monitoring 1.3.9

With respect to trust in an employer’s use of location-based applications and location data, a prevailing subject in existing literature is the impact of employee monitoring systems on staff. For example, in studying the link between electronic workplace monitoring and trust, Weckert (2000, p. 248) reported that trust is a significant issue resulting from excessive monitoring, in that monitoring may contribute to deterioration in professional work relationships between an employer and their employee and consequently reduce or eliminate trust. Weckert’s work reveals that employers often substantiate electronic monitoring based on the argument that the “benefits outweigh any loss of trust”, and may include gains for the involved parties; notably, for the employer in the form of economic benefits, for the employee to encourage improvements to performance and productivity, and for the customer who may experience enhanced customer service (p. 249). Chen and Ross (2005, p. 250), on the other hand, argue that an employer’s decision to monitor their subordinates may be related to a low degree of existing trust, which could be a result of unsuitable past behaviour on the part of the employee. As such, employers may perceive monitoring as necessary in order to manage employees. Alternatively, from the perspective of employees, trust-related issues materialise as a result of monitoring, which may leave an impression on job attitudes, including satisfaction and dedication, as covered in a paper by Alder et al. (2006) in the context of internet monitoring.

When applied to location monitoring of employees using LBS, the trust-related concerns expressed above are indeed warranted. Particularly, Kaupins and Minch (2005, p. 2) argue that the appropriateness of location monitoring in the workplace can be measured from either a legal or ethical perspective, which inevitably results in policy implications for the employer. The authors emphasise that location monitoring of employees can often be justified in terms of the security, productivity, reputational and protective capabilities of LBS (Kaupins and Minch 2005, p. 5). However, Kaupins and Minch (2005, pp. 5-6) continue to describe the ethical factors “limiting” location monitoring in the workplace, which entail the need for maintaining employee privacy and the restrictions associated with inaccurate information, amongst others. These factors will undoubtedly affect the degree of trust between an employer and employee.

However, the underlying concern relevant to this discussion of location monitoring in the workplace is not only the suitability of employee monitoring using LBS. While this is a valid issue, the challenge remains centred on the deeper trust-related consequences. Regardless of the technology or applications used to monitor employees, it can be concluded that a work atmosphere lacking trust results in sweeping consequences that extend beyond the workplace, expressed in the following excerpt:

“A low trust workplace environment will create the need for ever increasing amounts of monitoring which in turn will erode trust further. There is also the worry that this lack of trust may become more widespread. If there is no climate of trust at work, where most of us spend a great deal of our life, why should there be in other contexts? Some monitoring in some situations is justified, but it must be restricted by the need for trust” (Weckert 2000, p. 250).

Location-monitoring amongst friends 1.3.10

Therefore, these concerns are certainly applicable to the use of LBS applications amongst other social relations. Recent literature merging the concepts of LBS, online social networking and trust are particularly focused on the use of LBSN applications amongst various categories of friends. For example, Fusco et al.'s (2010) qualitative study examines the impact of LBSN on trust amongst friends, employing a focus group methodology in achieving this aim. The authors reveal that trust may suffer as a consequence of LBSN usage in several ways: as disclosure of location information and potential monitoring activities can result in application misuse in order to conceal things; excessive questioning and the deterioration in trust amongst social relations; and trust being placed in the application rather than the friend (Fusco et al. 2010, p. 7). Further information relating to Fusco et al.’s study, particularly the manner in which LBSN applications adversely impact on trust can be found in a follow-up article (Fusco et al. 2011).

Location tracking for protection 1.3.11

It has often been suggested that monitoring in familial relations can offer a justified means of protection, particularly in relation to vulnerable individuals such as Alzheimer’s or dementia sufferers and in children. With specific reference to the latter, trust emerges as a central theme relating to child tracking. In an article by Boesen et al. (2010) location tracking in families is evaluated, including the manner in which LBS applications are incorporated within the familial context. The qualitative study conducted by the authors revealed that the initial decision to use LBS by participants with children was a lack of existing trust within the given relationship, with participants reporting an improvement in their children's behaviour after a period of tracking (Boesen et al. 2010, p. 70). Boesen et al., however, warn of the trust-related consequences, claiming that “daily socially-based trusting interactions are potentially replaced by technologically mediated interactions” (p. 73). Lack of trust in a child is considered to be detrimental to their growth. The act of nurturing a child is believed to be untrustworthy through the use of technology, specifically location monitoring applications, may result in long-term implications. The importance of trust to the growth of a child and the dangers associated with ubiquitous forms of supervision are explained in the following excerpt:

“Trust (or at least its gradual extension as the child grows) is seen as fundamental to emerging self-control and healthy development... Lack of private spaces (whether physical, personal or social) for children amidst omni-present parental oversight may also create an inhibiting dependence and fear” (Marx and Steeves 2010, p. 218).

Furthermore, location tracking of children and other individuals in the name of protection may result in undesirable and contradictory consequences relevant to trust. Barreras and Mathur (2007, p. 182), in an article that describes the advantages and disadvantages of wireless location tracking, argue that technologies originally intended to protect family members (notably children, and other social relations such as friends and employees), can impact on trust and be regarded as “unnecessary surveillance.” The outcome of such tracking and reduced levels of trust may also result in a “counterproductive” effect if the tracking capabilities are deactivated by individuals, rendering them incapable of seeking assistance in actual emergency situations (Barreras and Mathur 2007, p. 182).

LBS/IoT is a ‘double-edged sword’ 1.3.12

In summary, location monitoring and tracking by the state, corporations and individuals is often justified in terms of the benefits that can be delivered to the party responsible for monitoring/tracking and the subject being tracked. As such, Junglas and Spitzmüller (2005, p. 7) claim that location-based services can be considered a “double-edged sword” in that they can aid in the performance of tasks in one instance, but may also generate Big Brother concerns. Furthermore, Perusco and Michael (2007, p. 10) mention the linkage between trust and freedom. As a result, Perusco et al. (2006, p. 97) suggest a number of questions that must be considered in the context of LBS and trust: “Does the LBS context already involve a low level of trust?”; “If the LBS context involves a moderate to high level of trust, why are LBS being considered anyway?”; and “Will the use of LBS in this situation be trust-building or trust-destroying?” In answering these questions, the implications of LBS/IoT monitoring on trust must be appreciated, given they are significant, irreparable, and closely tied to what is considered the central challenge in the LBS domain, privacy.

This paper has provided comprehensive coverage of the themes of control and trust with respect to the social implications of LBS. The subsequent discussion will extend the examination to cover LBS in the context of the IoT, providing an ethical analysis and stressing the importance of a robust socio-ethical framework.

Discussion 1.4

The Internet of Things (IoT) and LBS: extending the discussion on control and trust 1.4.1

The Internet of Things (IoT) is an encompassing network of connected intelligent “things”, and is “comprised of smart machines interacting and communicating with other machines, objects, environments and infrastructures” (Freescale Semiconductor Inc. and ARM Inc. 2014, p. 1). The phrase was originally coined by Kevin Ashton in 1999, and a definite definition is yet to be agreed upon (Ashton 2009, p. 1; Kranenburg and Bassi 2012, p. 1). Various forms of IoT are often used interchangeably, such as the Internet of Everything, the Internet of Things and People, the Web of Things and People etc. The IoT can, however, be described in terms of its core characteristics and/or the features it encompasses. At the crux of the IoT concept is the integration of the physical and virtual worlds, and the capability for “things” within these realms to be operated remotely through the employment of intelligent or smart objects with embedded processing functionality (Mattern and Floerkemeier 2010, p. 242; Ethics Subgroup IoT 2013, p. 3). These smart objects are capable of storing historical and varied forms of data, used as the basis for future interactions and the establishment of preferences. That is, once the data is processed, it can be utilized to “command and control” things within the IoT ecosystem, ideally resulting in enhancing the everyday lives of individual (Michael, K. et al., 2010).

According to Ashton (2009, p. 1), the IoT infrastructure should “empower computers” and exhibit less reliance on human involvement in the collection of information. It should also allow for “seamless” interactions and connections (Ethics Subgroup IoT 2013, p. 2). Potential use cases include personal/home applications, health/patient monitoring systems, and remote tracking and monitoring which may include applications such as asset tracking amongst others (Ethics Subgroup IoT 2013, p. 3).

As can be anticipated with an ecosystem of this scale, the nature of interactions with the physical/virtual worlds and the varied “things” within, will undoubtedly be affected and dramatically alter the state of play. In the context of this paper, the focus is ultimately on the ethical concerns emerging from the use of LBS within the IoT infrastructure that is characterized by its ubiquitous/pervasive nature, in view of the discussion above regarding control and trust. It is valuable at this point to identify the important role of LBS in the IoT infrastructure.

While the IoT can potentially encompass a myriad of devices, the mobile phone will likely feature as a key element within the ecosystem, providing connectivity between devices (Freescale Semiconductor Inc. and ARM Inc. 2014, p. 2). In essence, smart phones can therefore be perceived as the “mediator” between users, the internet and additional “things”, as is illustrated in Mattern and Floerkemeier (2010, p. 245, see figure 2). Significantly, most mobile devices are equipped with location and spatial capabilities, providing “localization”, whereby intelligent devices “are aware of their physical location, or can be located” (Mattern and Floerkemeier 2010, p. 244). An example of an LBS application in the IoT would be indoor navigation capabilities in the absence of GPS; or in affect seamless navigation between the outdoor and indoor environments.

Control- and trust-related challenges in the IoT 1.4.2

It may be argued that the LBS control and trust implications discussed throughout this paper (in addition to ethical challenges such as privacy and security) will matriculate into the IoT environment. However, it has also been suggested that “the IoT will essentially create much richer environments in which location-based and location-aware technology can function” (Blouin 2014), and in doing so the ethical challenges will be amplified. It has further been noted that ethical issues, including trust and control amongst others, will “gain a new dimension in light of the increased complexity” in the IoT environment (Ethics Subgroup IoT 2013, p. 2).

In relation to control and the previously identified surveillance metaphors, for instance, it is predicted that there will be less reliance on Orwell's notion of Big Brother whereby surveillance is conducted by a single entity. Rather the concept of "some brother" will emerge. Some brother can be defined as "a heterogeneous 'mass' consisting of innumerable social actors, e.g. public sector authorities, citizens' movements and NGOs, economic players, big corporations, SMEs and citizens" (Ethics Subgroup IoT 2013, p. 16). As can be anticipated, the ethical consequences and dangers can potentially multiply in such a scenario.

Following on from this idea, is that of lack of transparency. The IoT will inevitably result in the merging of both the virtual and physical worlds, in addition to public and private spaces. It has been suggested that lack of transparency regarding information access will create a sense of discomfort and will accordingly result in diminishing levels of trust (Ethics Subgroup IoT 2013, p. 8). The trust-related issues (relevant to LBS) are likely to be consistent with those discussed throughout this paper, possibly varying in intensity/severity depending on a given scenario. For example, the consequences of faulty IoT technology have the potential to be greater than those in conventional Internet services given the integration of the physical and virtual worlds, thereby impact on users’ trust in the IoT (Ethics Subgroup IoT 2013, p. 11). Therefore, trust considerations must primarily be examined in terms of: (a) trust in technology, and (b) trust in individuals/others.

Dealing with these (and other) challenges requires an ethical analysis in which appropriate conceptual and practical frameworks are considered. A preliminary examination is provided in the subsequent section, followed by dialogue regarding the need for objectivity in socio-ethical studies and the associated difficulties in achieving this.

Ethical analysis: proposing a socio-ethical conceptual framework 1.4.3

Research into the social and ethical implications of LBS, emerging technologies in general, and the IoT can be categorized in many ways and many frameworks can be applied. For instance, it may be regarded as a strand of “cyberethics”, defined by Tavani (2007, p. 3) as “the study of moral, legal and social issues involving cybertechnology”. Cybertechnology encompasses technological devices ranging from individual computers through to networked information and communication technologies. When considering ethical issues relating to cybertechnology and technology in general, Tavani (2007, pp. 23-24) notes that the latter should not necessarily be perceived as neutral. That is, technology may have “embedded values and biases” (Tavani 2007, p. 24), in that it may inherently provide capabilities to individuals to partake in unethical activities. This sentiment is echoed by Wakunuma and Stahl (2014, p. 393) in a paper examining the perceptions of IS professionals in relation to emerging ethical concerns.

Alternatively, research in this domain may be classed as a form of “computer ethics” or “information ethics”, which can be defined and applied using numerous approaches. While this article does not attempt to provide an in-depth account of information ethics, a number of its crucial characteristics are identified. In the first instance, the value of information ethics is in its ability to provide a conceptual framework for understanding the array of ethical challenges stemming from the introduction of new ICTs (Mathiesen 2004, p. 1). According to Floridi (1999), the question at the heart of information ethics is “what is good for an information entity and the infosphere in general?” The author continues that “more analytically, we shall say that [information ethics] determines what is morally right or wrong, what ought to be done, what the duties, the ‘oughts’ and the ‘ought nots’ of a moral agent are…” However, Capurro (2006, p. 182) disagrees, claiming that information ethics is additionally about “what is good for our bodily being-in-the-world with others in particular?” This involves contemplation of other “spheres” such as the ecological, political, economic, and cultural and is not limited to a study of the infosphere as suggested by Floridi. In this sense, the significance of context, environment and intercultural factors also becomes apparent.

Following on from these notions, there is the need for a robust ethical framework that is multi-dimensional in nature and explicitly covers the socio-ethical challenges emerging from the deployment of a given technology. This would include, but not be limited to, the control and trust issues identified throughout this paper, other concerns such as privacy and security, and any challenges that emerge as the IoT takes shape. This article proposes a broader more robust socio-ethical conceptual framework, as an appropriate means of examining and addressing ethical challenges relevant to LBS; both LBS in general and as a vital mediating component within the IoT. This framework is illustrated in Figure 1. Central to the socio-ethical framework is the contemplation of individuals as part of a broader social network or society, whilst considering the interactions amongst various elements of the overall “system”. The four themes underpinning socio-ethical studies include the investigation of what the human purpose is, what is moral, how justice is upheld and the principles that guide the usage of a given technique. Participants; their interactions with systems; people concerns and behavioural expectations; cultural and religious belief; structures, rules and norms; and fairness, personal benefits and personal harms are all areas of interest in a socio-ethical approach.

Figure 1: Proposed socio-ethical framework, in terms of the major components that require consideration

Figure 1: Proposed socio-ethical framework, in terms of the major components that require consideration

This article is intended to offer a preliminary account of the socio-ethical conceptual framework being proposed. Further research would examine and test its validity, whilst also providing a more detailed account of the various components within and how a socio-ethical assessment would be conducted based on the framework, and the range of techniques that could be applied.

The need for objectivity 1.4.4

Regardless of categorization and which conceptual framework is adopted, numerous authors stress that the focus of research and debates should not be skewed towards the unethical uses of a particular technology, but rather an objective stance should be embraced. Such objectivity must nonetheless ensure that social interests are adequately represented. That is, with respect to location and tracking technologies, Clarke (2001b, p. 220) claims that social interests have been somewhat overshadowed by the economic interests of LBS organisation. This is a situation that requires rectifying. While information technology professionals are not necessarily liable for how technology is deployed, they must nonetheless recognise its implications and be engaged in the process of introducing and promoting adequate safeguards (Clarke 1988, pp. 510-511). It has been argued that IS professionals are generally disinterested in the ethical challenges associated with emerging ICTs, and are rather concerned with the job or the technologies themselves (Wakunuma and Stahl 2014, p. 383).

This is explicitly the case for LBS given that the industry and technology have developed quicker than equivalent social implications scholarship and research, an unfavourable situation given the potential for LBS to have profound impacts on individuals and society (Perusco et al. 2006, p. 91). In a keynote address centred on defining the emerging notion of überveillance, Clarke (2007a, p. 34) discusses the need to measure the costs and disbenefits arising from surveillance practices in general, where costs refer to financial measures, and disbenefits to all non-economic impacts. This involves weighing the negatives against the potential advantages, a response that is applicable to LBS, and pertinent to seeking objectivity.

Difficulties associated with objectivity 1.4.5

However, a major challenge with respect to an impartial approach for LBS is the interplay between the constructive and the potentially damaging consequences that the technology facilitates. For instance, and with specific reference to wireless technologies in a business setting, Elliot and Phillips (2004, p. 474) maintain that such systems facilitate monitoring and surveillance which can be applied in conflicting scenarios. Positive applications, according to Elliot and Phillips, include monitoring to improve effectiveness or provide employee protection in various instances, although this view has been frequently contested. Alternatively, negative uses involve excessive monitoring, which may compromise privacy or lead to situations in which an individual is subjected to surveillance or unauthorised forms of monitoring.

Additional studies demonstrate the complexities arising from the dual, and opposing, uses of a single LBS solution. It has been illustrated that any given application, for instance, parent, healthcare, employee and criminal tracking applications, can be simultaneously perceived as ethical and unethical (Michael et al. 2006a, p. 7). A closer look at the scenario involving parents tracking children, as explained by Michael et al. (2006a, p. 7), highlights that child tracking can enable the safety of a child on the one hand, while invading their privacy on the other. Therefore, the dual and opposing uses of a single LBS solution become problematic and situation-dependent, and indeed increasingly difficult to objectively examine. Dobson and Fischer (2003, p. 50) maintain that technology cannot be perceived as either good or evil in that it is not directly the cause of unethical behaviour, rather they serve to “empower those who choose to engage in good or bad behaviour.”

This is similarly the case in relation to the IoT, as public approval of the IoT is largely centred on “the conventional dualisms of ‘security versus freedom’ and ‘comfort versus data privacy’” (Mattern and Floerkemeier 2010, p. 256). Assessing the implications of the IoT infrastructure as a whole is increasingly difficult.

An alternative obstacle is associated with the extent to which LBS threaten the integrity of the individual. Explicitly, the risks associated with location and tracking technologies “arise from individual technologies and the trails that they generate, from compounds of multiple technologies, and from amalgamated and cross-referenced trails captured using multiple technologies and arising in multiple contexts” (Clarke 2001b, pp. 218). The consequent social implications or “dangers” are thus a product of individuals being convicted, correctly or otherwise, of having committed a particular action (Clarke 2001b, p. 219). A wrongly accused individual may perceive the disbenefits arising from LBS as outweighing the benefits.

However, in situations where integrity is not compromised, an LBS application can be perceived as advantageous. For instance, Michael et al. (2006, pp. 1-11) refer to the potentially beneficial uses of LBS, in their paper focusing on the Avian Flu Tracker prototype that is intended to manage and contain the spread of the infectious disease, by relying on spatial data to communicate with individuals in the defined location. The authors demonstrate that their proposed system which is intended to operate on a subscription or opt-in basis is beneficial for numerous stakeholders such as government, health organisations and citizens (Michael et al. 2006c, p. 6).

Thus, a common challenge confronting researchers with respect to the study of morals, ethics and technology is that the field of ethics is subjective. That is, what constitutes right and wrong behaviour varies depending on the beliefs of a particular individual, which are understood to be based on cultural and other factors specific to the individual in question. One such factor is an individual’s experience with the technology, as can be seen in the previous example centred on the notion of an unjust accusation. Given these subjectivities and the potential for inconsistency from one individual to the next, Tavani (2007, p. 47) asserts that there is the need for ethical theories to direct the analysis of moral issues (relating to technology), given that numerous complications or disagreements exist in examining ethics.

Conclusion 1.5

This article has provided a comprehensive review of the control- and trust-related challenges relevant to location-based services, in order to identify and describe the major social and ethical considerations within each of the themes. The relevance of the IoT in such discussions has been demonstrated and a socio-ethical framework proposed to encourage discussion and further research into the socio-ethical implications of the IoT with a focus on LBS and/or localization technologies. The proposed socio-ethical conceptual framework requires further elaboration and it is recommended that a thorough analysis, beyond information ethics, be conducted based on this paper which forms the basis for such future work. IoT by its very nature is subject to socio-ethical dilemmas because for the greater part, the human is removed from decision-making processes and is instead subject to a machine.


Abbas, R., Michael, K., Michael, M.G. & Aloudat, A.: Emerging Forms of Covert Surveillance Using GPS-Enabled Devices. Journal of Cases on Information Technology 13(2), 2011, 19-33.

Albrecht, K. & McIntyre, L.: Spychips: How Major Corporations and Government Plan to Track Your Every Purchase and Watch Your Every Move. Tomas Nelson 2005.

Albrecht, K. & Michael, K.: Connected: To Everyone and Everything. IEEE Technology and Society Magazine, Winter, 2013, 31-34.

Alder, G.S., Noel, T.W. & Ambrose, M.L.: Clarifying the Effects of Internet Monitoring on Job Attitudes: The Mediating Role of Employee Trust. Information & Management, 43, 2006, 894-903.

Aloudat, A. & Michael, K.: The Socio-Ethical Considerations Surrounding Government Mandated Location-Based Services During Emergencies: An Australian Case Study, in M. Quigley (ed.), ICT Ethics and Security in the 21st Century: New Developments and Applications. IGI Global, Hershey, PA, 2010, 1-26.

Aloudat, A. & Michael, K.: Toward the Regulation of Ubiquitous Mobile Government: A case Study on Location-Based Emergency Services in Australia. Electronic Commerce Research, 11(1), 2011, 31-74.

Andrejevic, M.: ISpy: Surveillance and Power in the Interactive Era. University Press of Kansas, Lawrence, 2007.

Arvidsson, A.: On the ‘Pre-History of the Panoptic Sort’: Mobility in Market Research. Surveillance & Society, 1(4), 2004, 456-474.

Ashton, K.: The "Internet of Things" Things. RFID Journal, 2009, www.rfidjournal.com/articles/pdf?4986

Barreras, A. & Mathur, A.: Chapter 18. Wireless Location Tracking, in K.R. Larsen and Z.A. Voronovich (eds.), Convenient or Invasive: The Information Age. Ethica Publishing, United States, 2007, 176-186.

Bauer, H.H., Barnes, S.J., Reichardt, T. & Neumann, M.M.: Driving the Consumer Acceptance of Mobile Marketing: A Theoretical Framework and Empirical Study. Journal of Electronic Commerce Research, 6(3), 2005, 181-192.

Beinat, E., Steenbruggen, J. & Wagtendonk, A.: Location Awareness 2020: A Foresight Study on Location and Sensor Services. Vrije Universiteit, Amsterdam, 2007, http://reference.kfupm.edu.sa/content/l/o/location_awareness_2020_2_108_86452.pdf

Bellavista, P., Küpper, A. & Helal, S.: Location-Based Services: Back to the Future. IEEE Pervasive Computing, 7(2), 2008, 85-89.

Bennett, C.J. & Regan, P.M.: Surveillance and Mobilities. Surveillance & Society, 1(4), 2004, 449-455.

Bentham, J. & Bowring, J.: The Works of Jeremy Bentham. Published under the Superintendence of His Executor, John Bowring, Volume IV, W. Tait, Edinburgh, 1843.

Blouin, D. An Intro to Internet of Things. 2014, www.xyht.com/spatial-itgis/intro-to-internet-of-things/

Boesen, J., Rode, J.A. & Mancini, C.: The Domestic Panopticon: Location Tracking in Families. UbiComp’10, Copenhagen, Denmark, 2010, pp. 65-74.

Böhm, A., Leiber, T. & Reufenheuser, B.: 'Trust and Transparency in Location-Based Services: Making Users Lose Their Fear of Big Brother. Proceedings Mobile HCI 2004 Workshop On Location Systems Privacy and Control, Glasgow, UK, 2004, 1-4.

Capurro, R.: Towards an Ontological Foundation of Information Ethics. Ethics and Information Technology, 8, 2006, 175-186.

Casal, C.R.: Impact of Location-Aware Services on the Privacy/Security Balance, Info: the Journal of Policy, Regulation and Strategy for Telecommunications. Information and Media, 6(2), 2004, 105-111.

Chellappa, R. & Sin, R.G.: Personalization Versus Privacy: An Empirical Examination of the Online Consumer’s Dilemma. Information Technology and Management, 6, 2005, 181-202.

Chen, J.V., Ross, W. & Huang, S.F.: Privacy, Trust, and Justice Considerations for Location-Based Mobile Telecommunication Services. info, 10(4), 2008, 30-45.

Chen, J.V. & Ross, W.H.: The Managerial Decision to Implement Electronic Surveillance at Work. International Journal of Organizational Analysis, 13(3), 2005, 244-268.

Clarke, R.: Information Technology and Dataveillance. Communications of the ACM, 31(5), 1988, 498-512.

Clarke, R.: Profiling: A Hidden Challenge to the Regulation of Data Surveillance. 1993, http://www.rogerclarke.com/DV/PaperProfiling.html.

Clarke, R.: The Digital Persona and Its Application to Data Surveillance. 1994, http://www.rogerclarke.com/DV/DigPersona.html.

Clarke, R.: Introduction to Dataveillance and Information Privacy, and Definitions of Terms. 1997, http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html.

Clarke, R.: Person Location and Person Tracking - Technologies, Risks and Policy Implications. Information Technology & People, 14(2), 2001b, 206-231.

Clarke, R.: Privacy as a Means of Engendering Trust in Cyberspace Commerce. The University of New South Wales Law Journal, 24(1), 2001c, 290-297.

Clarke, R.: While You Were Sleeping… Surveillance Technologies Arrived. Australian Quarterly, 73(1), 2001d, 10-14.

Clarke, R.: Privacy on the Move: The Impacts of Mobile Technologies on Consumers and Citizens. 2003b, http://www.anu.edu.au/people/Roger.Clarke/DV/MPrivacy.html.

Clarke, R.: Have We Learnt to Love Big Brother? Issues, 71, June, 2005, 9-13.

Clarke, R.: What's 'Privacy'? 2006, http://www.rogerclarke.com/DV/Privacy.html.

Clarke, R. Chapter 3. What 'Uberveillance' Is and What to Do About It, in K. Michael and M.G. Michael (eds.), The Second Workshop on the Social Implications of National Security, University of Wollongong, Wollongong, Australia, 2007a, 27-46.

Clarke, R.: Chapter 4. Appendix to What 'Uberveillance' Is and What to Do About It: Surveillance Vignettes, in K. Michael and M.G. Michael (eds.), The Second Workshop on the Social Implications of National Security, University of Wollongong, Wollongong, Australia, 2007b, 47-60.

Clarke, R.: Surveillance Vignettes Presentation. 2007c, http://www.rogerclarke.com/DV/SurvVign-071029.ppt.

Clarke, R.: Privacy Impact Assessment: Its Origins and Development. Computer Law & Security Review, 25(2), 2009, 123-135.

Clarke, R. & Wigan, M.: You Are Where You've Been: The Privacy Implications of Location and Tracking Technologies. 2011, http://www.rogerclarke.com/DV/YAWYB-CWP.html.

Culnan, M.J. & Bies, R.J.: Consumer Privacy: Balancing Economic and Justice Considerations. Journal of Social Issues, 59(2), 2003, 323-342.

Davis, D.W. & Silver, B.D.: Civil Liberties vs. Security: Public Opinion in the Context of the Terrorist Attacks on America. American Journal of Political Science, 48(1), 2004, pp. 28-46.

Dinev, T., Bellotto, M., Hart, P., Colautti, C., Russo, V. & Serra, I.: Internet Users’ Privacy Concerns and Attitudes Towards Government Surveillance – an Exploratory Study of Cross-Cultural Differences between Italy and the United States. 18th Bled eConference eIntegration in Action, Bled, Slovenia, 2005, 1-13.

Dobson, J.E. & Fisher, P.F. Geoslavery. IEEE Technology and Society Magazine, 22(1), 2003, 47-52.

Dobson, J.E. & Fisher, P.F. The Panopticon's Changing Geography. Geographical Review, 97(3), 2007, 307-323.

Dwyer, C., Hiltz, S.R. & Passerini, K.: Trust and Privacy Concern within Social Networking Sites: A Comparison of Facebook and Myspace. Proceedings of the Thirteenth Americas Conference on Information Systems, Keystone, Colorado, 2007, 1-12.

Elliot, G. & Phillips, N. Mobile Commerce and Wireless Computing Systems. Pearson Education Limited, Great Britain, 2004.

Ethics Subgroup IoT: Fact sheet- Ethics Subgroup IoT - Version 4.0, European Commission. 2013, 1-21, http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CB0QFjAA&url=http%3A%2F%2Fec.europa.eu%2Finformation_society%2Fnewsroom%2Fcf%2Fdae%2Fdocument.cfm%3Fdoc_id%3D1751&ei=5i7RVK-FHczYavKWgPgL&usg=AFQjCNG_VgeaUP_DIJVwSiPIww3bC9Ug_w

Freescale Semiconductor Inc. and ARM Inc:, Whitepaper: What the Internet of Things (IoT) Needs to Become a Reality. 2014, 1-16, cache.freescale.com/files/32bit/doc/white_paper/INTOTHNGSWP.pdf

Floridi, L.: Information Ethics: On the Philosophical Foundation of Computer Ethics. Ethics and Information Technology, 1, 1999, 37-56.

Foucault, M. Discipline and Punish: The Birth of the Prison. Second Vintage Books Edition May 1995, Vintage Books: A Division of Random House Inc, New York, 1977.

Fusco, S.J., Michael, K., Aloudat, A. & Abbas, R.: Monitoring People Using Location-Based Social Networking and Its Negative Impact on Trust: An Exploratory Contextual Analysis of Five Types of “Friend” Relationships. IEEE Symposium on Technology and Society, Illinois, Chicago, 2011.

Fusco, S.J., Michael, K., Michael, M.G. & Abbas, R.: Exploring the Social Implications of Location Based Social Networking: An Inquiry into the Perceived Positive and Negative Impacts of Using LBSN between Friends. 9th International Conference on Mobile Business, Athens, Greece, IEEE, 2010, 230-237.

Gagnon, M., Jacob, J.D., Guta, A.: Treatment adherence redefined: a critical analysis of technotherapeutics. Nurs Inq. 20(1), 2013, 60-70.

Ganascia, J.G.: The Generalized Sousveillance Society. Social Science Information, 49(3), 2010, 489-507.

Gandy, O.H.: The Panoptic Sort: A Political Economy of Personal Information. Westview, Boulder, Colorado, 1993.

Giaglis, G.M., Kourouthanassis, P. & Tsamakos, A.: Chapter IV. Towards a Classification Framework for Mobile Location-Based Services, in B.E. Mennecke and T.J. Strader (eds.), Mobile Commerce: Technology, Theory and Applications. Idea Group Publishing, Hershey, US, 2003, 67-85.

Gould, J.B.: Playing with Fire: The Civil Liberties Implications of September 11th. Public Administration Review, 62, 2002, 74-79.

Jorns, O. & Quirchmayr, G.: Trust and Privacy in Location-Based Services. Elektrotechnik & Informationstechnik, 127(5), 2010, 151-155.

Junglas, I. & Spitzmüller, C.: A Research Model for Studying Privacy Concerns Pertaining to Location-Based Services. Proceedings of the 38th Hawaii International Conference on System Sciences, 2005, 1-10.

Kaasinen, E.: User Acceptance of Location-Aware Mobile Guides Based on Seven Field Studies. Behaviour & Information Technology, 24(1), 2003, 37-49.

Kaupins, G. & Minch, R.: Legal and Ethical Implications of Employee Location Monitoring. Proceedings of the 38th Hawaii International Conference on System Sciences. 2005, 1-10.

Kim, D.J., Ferrin, D.L. & Rao, H.R.: Trust and Satisfaction, Two Stepping Stones for Successful E-Commerce Relationships: A Longitudinal Exploration. Information Systems Research, 20(2), 2009, 237-257.

King, L.: Information, Society and the Panopticon. The Western Journal of Graduate Research, 10(1), 2001, 40-50.

Kodl, J. & Lokay, M.: Human Identity, Human Identification and Human Security. Proceedings of the Conference on Security and Protection of Information, Idet Brno, Czech Republic, 2001, 129-138.

Kranenburg, R.V. and Bassi, A.: IoT Challenges, Communications in Mobile Computing. 1(9), 2012, 1-5.

Küpper, A. & Treu, G.: Next Generation Location-Based Services: Merging Positioning and Web 2.0., in L.T. Yang, A.B. Waluyo, J. Ma, L. Tan and B. Srinivasan (eds.), Mobile Intelligence. John Wiley & Sons Inc, Hoboken, New Jersey, 2010, 213-236.

Levin, A., Foster, M., West, B., Nicholson, M.J., Hernandez, T. & Cukier, W.: The Next Digital Divide: Online Social Network Privacy. Ryerson University, Ted Rogers School of Management, Privacy and Cyber Crime Institute, 2008, www.ryerson.ca/tedrogersschool/privacy/Ryerson_Privacy_Institute_OSN_Report.pdf.

Lewis, J.D. & Weigert, A.: Trust as a Social Reality. Social Forces, 63(4), 1985, 967-985.

Lyon, D.: The World Wide Web of Surveillance: The Internet and Off-World Power Flows. Information, Communication & Society, 1(1), 1998, 91-105.

Lyon, D.: Surveillance Society: Monitoring Everyday Life. Open University Press, Phildelphia, PA, 2001.

Lyon, D.: Surveillance Studies: An Overview. Polity, Cambridge, 2007.

Macquarie Dictionary.: 'Uberveillance', in S. Butler, Fifth Edition of the Macquarie Dictionary, Australia's National Dictionary. Sydney University, 2009, 1094.

Mann, S.: Sousveillance and Cyborglogs: A 30-Year Empirical Voyage through Ethical, Legal, and Policy Issues. Presence, 14(6), 2005, 625-646.

Mann, S., Nolan, J. & Wellman, B.: Sousveillance: Inventing and Using Wearable Computing Devices for Data Collection in Surveillance Environments. Surveillance & Society, 1(3), 2003, 331-355.

Mathiesen, K.: What is Information Ethics? Computers and Society, 32(8), 2004, 1-11.

Mattern, F. and Floerkemeier, K.: From the Internet of Computers to the Internet of Things, in Sachs, K., Petrov, I. & Guerrero, P. (eds.), From Active Data Management to Event-Based Systems and More. Springer-Verlag Berlin Heidelberg, 2010, 242-259.

Marx, G.T. & Steeves, V.: From the Beginning: Children as Subjects and Agents of Surveillance. Surveillance & Society, 7(3/4), 2010, 192-230.

Mayer, R.C., Davis, J.H. & Schoorman, F.D.: An Integrative Model of Organizational Trust. The Academy of Management Review, 20(3), 1995, 709-734.

McKnight, D.H. & Chervany, N.L.: What Trust Means in E-Commerce Customer Relationships: An Interdisciplinary Conceptual Typology. International Journal of Electronic Commerce, 6(2), 2001, 35-59.

Metzger, M.J.: Privacy, Trust, and Disclosure: Exploring Barriers to Electronic Commerce. Journal of Computer-Mediated Communication, 9(4), 2004.

Michael, K. & Clarke, R.: Location and Tracking of Mobile Devices: Überveillance Stalks the Streets. Computer Law and Security Review, 29(2), 2013, 216-228.

Michael, K., McNamee, A. & Michael, M.G.: The Emerging Ethics of Humancentric GPS Tracking and Monitoring. International Conference on Mobile Business, Copenhagen, Denmark, IEEE Computer Society, 2006a, 1-10.

Michael, K., McNamee, A., Michael, M.G., and Tootell, H.: Location-Based Intelligence – Modeling Behavior in Humans using GPS. IEEE International Symposium on Technology and Society, 2006b.

Michael, K., Stroh, B., Berry, O., Muhlbauer, A. & Nicholls, T.: The Avian Flu Tracker - a Location Service Proof of Concept. Recent Advances in Security Technology, Australian Homeland Security Research Centre, 2006, 1-11.

Michael, K. and Michael, M.G.: Australia and the New Technologies: Towards Evidence Based Policy in Public Administration (1 ed). Wollongong, Australia: University of Wollongong, 2008, Available at: http://works.bepress.com/kmichael/93

Michael, K. & Michael, M.G.: Microchipping People: The Rise of the Electrophorus. Quadrant, 49(3), 2005, 22-33.

Michael, K. and Michael, M.G.: From Dataveillance to Überveillance (Uberveillance) and the Realpolitik of the Transparent Society (1 ed). Wollongong: University of Wollongong, 2007. Available at: http://works.bepress.com/kmichael/51.

Michael, K. & Michael, M.G.: Innovative Automatic Identification and Location-Based Services: From Bar Codes to Chip Implants. IGI Global, Hershey, PA, 2009.

Michael, K. & Michael, M.G.: The Social and Behavioral Implications of Location-Based Services. Journal of Location-Based Services, 5(3/4), 2011, 1-15, http://works.bepress.com/kmichael/246.

Michael, K. & Michael, M.G.: Sousveillance and Point of View Technologies in Law Enforcement: An Overview, in The Sixth Workshop on the Social Implications of National Security: Sousveillance and Point of View Technologies in Law Enforcement, University of Sydney, NSW, Australia, Feb. 2012.

Michael, K., Roussos, G., Huang, G.Q., Gadh, R., Chattopadhyay, A., Prabhu, S. and Chu, P.: Planetary-scale RFID Services in an Age of Uberveillance. Proceedings of the IEEE, 98.9, 2010, 1663-1671.

Michael, M.G. and Michael, K.: National Security: The Social Implications of the Politics of Transparency. Prometheus, 24(4), 2006, 359-364.

Michael, M.G. & Michael, K. Towards a State of Uberveillance. IEEE Technology and Society Magazine, 29(2), 2010, 9-16.

Michael, M.G. & Michael, K. (eds): Uberveillance and the Social Implications of Microchip Implants: Emerging Technologies. Hershey, PA, IGI Global, 2013.

O'Connor, P.J. & Godar, S.H.: Chapter XIII. We Know Where You Are: The Ethics of LBS Advertising, in B.E. Mennecke and T.J. Strader (eds.), Mobile Commerce: Technology, Theory and Applications, Idea Group Publishing, Hershey, US, 2003, 245-261.

Orwell, G.: Nineteen Eighty Four. McPherson Printing Group, Maryborough, Victoria, 1949.

Oxford Dictionary: Control, Oxford University Press, 2012a http://oxforddictionaries.com/definition/control?q=control.

Oxford Dictionary: Trust, Oxford University Press, 2012b, http://oxforddictionaries.com/definition/trust?q=trust.

Pavlou, P.A.: Consumer Acceptance of Electronic Commerce: Integrating Trust and Risk with the Technology Acceptance Model. International Journal of Electronic Commerce, 7(3), 2003, 69-103.

Perusco, L. & Michael, K.: Humancentric Applications of Precise Location Based Services, in IEEE International Conference on e-Business Engineering, Beijing, China, IEEE Computer Society, 2005, 409-418.

Perusco, L. & Michael, K.: Control, Trust, Privacy, and Security: Evaluating Location-Based Services. IEEE Technology and Society Magazine, 26(1), 2007, 4-16.

Perusco, L., Michael, K. & Michael, M.G.: Location-Based Services and the Privacy-Security Dichotomy, in Proceedings of the Third International Conference on Mobile Computing and Ubiquitous Networking, London, UK, Information Processing Society of Japan, 2006, 91-98.

Quinn, M.J.: Ethics for the Information Age. Second Edition, Pearson/Addison-Wesley, Boston, 2006.

Renegar, B., Michael, K. & Michael, M.G.: Privacy, Value and Control Issues in Four Mobile Business Applications, in 7th International Conference on Mobile Business (ICMB2008), Barcelona, Spain, IEEE Computer Society, 2008, 30-40.

Rozenfeld, M.: The Value of Privacy: Safeguarding your information in the age of the Internet of Everything, The Institute: the IEEE News Source, 2014, http://theinstitute.ieee.org/technology-focus/technology-topic/the-value-of-privacy.

Rummel, R.J.: Death by Government. Transaction Publishers, New Brunswick, New Jersey, 1997.

Sanquist, T.F., Mahy, H. & Morris, F.: An Exploratory Risk Perception Study of Attitudes toward Homeland Security Systems. Risk Analysis, 28(4), 2008, 1125-1133.

Schoorman, F.D., Mayer, R.C. & Davis, J.H.: An Integrative Model of Organizational Trust: Past, Present, and Future. Academy of Management Review, 32(2), 2007, 344-354.

Shay, L.A., Conti, G., Larkin, D., Nelson, J.: A framework for analysis of quotidian exposure in an instrumented world. IEEE International Carnahan Conference on Security Technology (ICCST), 2012, 126-134.

Siau, K. & Shen, Z.: Building Customer Trust in Mobile Commerce. Communications of the ACM, 46(4), 2003, 91-94.

Solove, D.: Digital Dossiers and the Dissipation of Fourth Amendment Privacy. Southern California Law Review, 75, 2002, 1083-1168.

Solove, D.: The Digital Person: Technology and Privacy in the Information Age. New York University Press, New York, 2004.

Tavani, H.T.: Ethics and Technology: Ethical Issues in an Age of Information and Communication Technology. John Wiley, Hoboken, N.J., 2007.

Valacich, J.S.: Ubiquitous Trust: Evolving Trust into Ubiquitous Computing Environments. Business, Washington State University, 2003, 1-2.

van Ooijen, C. & Nouwt, S.: Power and Privacy: The Use of LBS in Dutch Public Administration, in B. van Loenen, J.W.J. Besemer and J.A. Zevenbergen (eds.), Sdi Convergence. Research, Emerging Trends, and Critical Assessment, Nederlandse Commissie voor Geodesie Netherlands Geodetic Commission 48, 2009, 75-88.

Wakunuma, K.J. and Stahl, B.C.: Tomorrow’s Ethics and Today’s Response: An Investigation into The Ways Information Systems Professionals Perceive and Address Emerging Ethical Issues. Inf Syst Front, 16, 2014, 383–397.

Weckert, J.: Trust and Monitoring in the Workplace. IEEE International Symposium on Technology and Society, 2000. University as a Bridge from Technology to Society, 2000, 245-250.

Wigan, M. & Clarke, R.: Social Impacts of Transport Surveillance. Prometheus, 24(4), 2006, 389-403.

Xu, H. & Teo, H.H.: Alleviating Consumers’ Privacy Concerns in Location-Based Services: A Psychological Control Perspective. Twenty-Fifth International Conference on Information Systems, 2004, 793-806.

Xu, H., Teo, H.H. & Tan, B.C.Y.: Predicting the Adoption of Location-Based Services: The Role of Trust and Perceived Privacy Risk. Twenty-Sixth International Conference on Information Systems, 2005, 897-910.

Yan, Z. & Holtmanns, S.: Trust Modeling and Management: From Social Trust to Digital Trust, in R. Subramanian (ed.), Computer Security, Privacy and Politics: Current Issues, Challenges and Solutions. IGI Global, 2008, 290-323.

Yeh, Y.S. & Li, Y.M.: Building Trust in M-Commerce: Contributions from Quality and Satisfaction. Online Information Review, 33(6), 2009, 1066-1086.

Citation: Roba Abbas, Katina Michael, M.G. Michael, "Using a Social-Ethical Framework to Evaluate Location-Based Services in an Internet of Things World", IRIE, International Review of Information Ethics, http://www.i-r-i-e.net/ Source: http://www.i-r-i-e.net/inhalt/022/IRIE-Abbas-Michael-Michael.pdf Dec 2014


Honorary Fellow Dr Roba Abbas:

·         School of Information Systems and Technology, University of Wollongong, Northfields Avenue, Wollongong NSW 2522, Australia

·         ( + 612 - 4221 - 3555 , * roba@uow.edu.au :http://www.technologyandsociety.org/members/2013/7/25/dr-roba-abbas

·         Relevant publications:

o    R. Abbas, K. Michael, M.G. Michael, R. Nicholls, Sketching and validating the location-based services (LBS) regulatory framework in Australia, Computer Law and Security Review 29, No.5 (2013): 576-589.

o    R. Abbas, K. Michael, M.G. Michael, The Regulatory Considerations and Ethical Dilemmas of Location-Based Services (LBS): A Literature Review, Information Technology & People 27, No.1 (2014): 2-20.

Associate Professor Katina Michael:

·         School of Information Systems and Technology, University of Wollongong, Northfields Avenue, Wollongong NSW 2522, Australia

·         ( + 612 - 4221 - 3937 , * katina@uow.edu.au : http://ro.uow.edu.au/kmichael

·         Relevant publications:

o    K. Michael, R. Clarke, Location and Tracking of Mobile Devices: Überveillance Stalks the Streets, Computer Law and Security Review 29, No.3 (2013): 216-228.

o    K. Michael, M. G. Michael, Innovative Automatic Identification and Location-Based Services: From Bar Codes to Chip Implants, IGI Global, (2009).

o    L. Perusco, K. Michael, Control, trust, privacy, and security: evaluating location-based services, IEEE Technology and Society Magazine 26, No.1 (2007): 4-16.

Honorary Associate Professor M.G. Michael

·         School of Information Systems and Technology, University of Wollongong, Northfields Avenue, Wollongong NSW 2522, Australia

·         ( + 612 – 4221 - 3937, *  mgm@uow.edu.au, : http://ro.uow.edu.au/mgmichael

·         Relevant publications:

o    M.G. Michael and K. Michael (eds) Uberveillance and the Social Implications of Microchip Implants: Emerging Technologies, Hershey: PA, IGI Global, (2013).

o    K. Michael, M. G. Michael, "The Social and Behavioral Implications of Location-Based Services, Journal of Location-Based Services, Volume 5, Issue 3-4, (2011), 121-137.

o    M.G. Michael, K. Michael, Towards a State of Uberveillance, IEEE Technology and Society Magazine, 29, No.2, (2010): 9-16.

o    M. G. Michael, S. J. Fusco, K. Michael, A Research Note on Ethics in the Emerging Age of Uberveillance, Computer Communications, 31 No.6, 2008: 1192-1199.

Perceived barriers for implanting microchips in humans


This quantitative, descriptive study investigated if there was a relationship between countries of residence of small business owners (N = 453) within four countries (Australia, India, UK, and the USA) with respect to perceived barriers to RFID (radio frequency identification) transponders being implanted into humans for employee ID. Participants were asked what they believed were the greatest barriers in instituting chip implants for access control in organizations. Participants had six options from which to select. There were significant chi-square analyses reported relative to respondents' countries and: 1) a perceived barrier of technological issues (X2= 11.86, df = 3, p = .008); 2) a perceived barrier of philosophical issues (right of control over one's body) (X2= 31.21, df = 3, p = .000); and 3) a perceived barrier of health issues (unknown risks related to implants) (X2= 10.88, df = 3, p = .012). There were no significant chi-square analyses reported with respect to countries of residence and: 1) religious issues (mark of the beast), 2) social issues (digital divide), and 3) cultural issues (incisions into the skin are taboo). Thus, the researchers concluded that there were relationships between the respondents' countries and the perception of barriers in institutional microchips.

SECTION I. Introduction

The purpose of this study was to investigate if there were relationships between countries of residence (Australia, India, UK, and the USA) of small business owners  and perceived barriers of instituting RFID (radio frequency identification) transponders implanted into the human body for identification and access control purposes in organizations [1]. Participants were asked what they believed were the greatest barriers in instituting chip implants for access control in organizations [2]. Participants had six options from which to select all that apply, as well as an option to specify other barriers [3]. The options for perceived barriers included:

  • technological issues-RFID is inherently an insecure technology
  • social issues-there will be a digital divide between those with employees with implants for identification and those that have legacy electronic identification
  • cultural issues-incisions into the skin are taboo
  • religious issues-mark of the beast
  • philosophical issues-right of control over one's body
  • health issues-there are unknown risks related to implants that are in the body over the long term
  • other issues.

There were significant chi-square analyses reported relative to respondents' countries and: 1) the perceived barrier of technological issues; 2) the perceived barrier of philosophical issues (right of control over one's body); and 3) the perceived barrier of health issues (unknown risks related to implants). There were no significant chi-square analyses reported with respect to countries and religious issues (mark of the beast), social issues (digital divide), and cultural issues (incisions into the skin are taboo).

RFID implants are capable of omnipresent electronic surveillance. RFID tags or transponders can be implanted into the human body to track the who, what, where, when, and how of human life [4]. This act of embedding devices into human beings for surveillance purposes is known as uberveillance [5]. While the tiny embedded RFID chips do not have global positioning capabilities, an RFID reader (fixed or mobile) can capture time stamps, exit and entry sequences to denote when someone is coming or going, which direction they are travelling in, and then make inferences on time, location, distance. and speed.

In this paper, the authors present a brief review of the literature, key findings from the study, and a discussion on possible implications of the findings. Professionals working in the field of emerging technologies could use these findings to better understand how countries of residence may affect perceptions of barriers in instituting chip implants in humans.

SECTION II. Review of Literature

A. Implants and Social Acceptance

In 2004, the FDA (Food & Drug Administration) of the United States approved an implantable chip for use in humans in the U.S [6]. The implanted chip was and is being marketed by a variety of commercial enterprises as a potential method to detect and treat diseases, as well as a potential lifesaving device. If a person was brought to an emergency room unconscious, a scanner in the hospital doorway could read the person's unique ID on the implanted chip. The ID would then be used to unlock the personal health records (PHR) of the patient from a database [7]. Authorized health professionals would then have access to all pertinent medical information of that individual (i.e. medical history, previous surgeries, allergies, heart condition, blood type, diabetes) to care for the patient aptly. Additionally, the chip is being touted as a solution to kidnappings in Mexico (e.g. by the Xega Company), among many other uses [8].

B. Schools: RFID Tracking

A rural elementary school in California planned to implement RFID-tagged ID cards for school children, however the American Civil Liberties Union (ACLU) fought successfully to revoke the program. Veritable risks were articulated by the ACLU including identity theft, or kidnapping if the system was hacked and resulted in a perpetrator being able to access locations of schoolchildren.

However, with school districts looking to offset cuts in state funding which are partly based on attendance figures, RFID technology provides a method to count students more accurately. Added to increased revenues, administrators are facing the reality of increasing security issues; thus more school districts are adopting RFID to track students to improve safety. For many years in Tokyo, students have worn mandatory RFID bracelets; they are tracked not only in the school, but also to and from school [9] [10]. In other examples, bags are fitted with GPS units.

In 2012, the Northside Independent School District in San Antonio, Texas began a pilot program to track 6.2% of its 100,000 students through RFID tagged ID-cards. Northside was not the first district in Texas; two other school districts in Houston successfully use the technology with reported gains in hundreds of thousands of dollars in revenue due to improved attendance. The school board unanimously approved the program, but not after first debating privacy issues. Chip readers on campuses and on school buses will detect a student's location and authorized administrators will have access to the information. At a cost of 525,000 to launch the pilot program and approximately 1.7 million in the first year due to higher attendance figures, as well as Medicaid reimbursements for the busing of special education students. However, students could forget or lose the cards which would negatively affect the system [3]. One of Northside's sophomore students, Andrea Hernandez, refused to wear the RFID tag round her neck based on religious reasons. Initially, the school expelled her but when the case went to court, she was reinstated, a judge ruling her constitutional rights had been violated [11].

C. Medical Devices: RFID Implants

Recent technological developments are reaching new levels with the integration of silicon and biology; implanted devices can now interact directly with the brain [12]. Implantable devices for medical purposes are often highly beneficial to restore functions that were lost. Such current medical implants include cardiovascular pacers, cochlear and brainstem implants for patients with hearing disorders, implantable drug delivery pumps, implantable neurostimulation devices for such patients as those with urinary incontinence, chronic pain, or epilepsy, deep brain stimulation for patients with Parkinson's, and artificial chip-controlled legs [13].

D. RFID in India

Although India has been identified as a significant prospective market for RFID due to issues with the supply chain and a need for transparency, some contend that the slow adoption of RFID solutions can be tracked to unskilled RFID solution providers. Inexperienced systems integrators and vendors are believed to account for failed trials, leaving companies disillusioned with the technology, and subsequently abandoning solutions and declaiming its benefits loudly and publicly. A secondary technological threat to RFID adoption is believed to be related to price competitiveness in India. In such a price-sensitive environment, RFID players are known to quote the lowest costs per tag, thereby using inferior hardware. Thus, customers perceive RFID to be inconsistent and unreliable for use in the business setting [14]. The compulsory biometrics roll out, instituted by the Unique Identification Authority of India (UIDAI) is in direct contrast to the experience of RFID (fig. 1)

Fig. 1. Taking fingerprints for Aadhaar, a 12-digit unique number has been issued for all residents in india. The number will be stored in a centralized database and linked to basic demographic and biometric information. The system institutes multimodal biometrics. Creative commons: fotokannan.

Fig. 1. Taking fingerprints for Aadhaar, a 12-digit unique number has been issued for all residents in india. The number will be stored in a centralized database and linked to basic demographic and biometric information. The system institutes multimodal biometrics. Creative commons: fotokannan.

E. RFID in Libraries

In 2010, researchers reported that many corporate libraries had begun deploying RFID. RFID tags are placed into books and other media and used in libraries for such purposes as to automate stock verification, to locate misplaced items, to check in/check out patrons without human interaction, and to detect theft. In India, several deployment and implementation issues were identified and they are: consumer privacy issues/ethical concerns, costs, lack of standards and regulations in India (e.g. data ownership, data collection limitations), user confusion (e.g. lack of training and experience with the technology), and the immaturity of the technology (e.g. lack of accuracy, scalability, etc.) [15].

F. RFID and OEMS/Auto Component Manufacturers

In India, suppliers are not forced to conform to stringent regulations like those that exist in other countries. In example, the TREAD Act in the U.S. provided the impetus for OEMs to invest in track and trace solutions; failure to comply with the regulations can carry a maximum fine in the amount of $15 million and a criminal penalty of up to 15 years. Indian suppliers are not only free from such regulations of compliance, but also cost conscious with low volumes of high value cars. It is believed that the cost of RFID solutions is not yet justified in the Indian market [16].

G. Correctional Facilities: RFID Tracking

A researcher studied a correctional facility in Cleveland, Ohio to evaluate the impact of RFID technology to deter such misconduct as sexual assaults. The technology was considered because of its value in confirming inmate counts and perimeter controls. In addition, corrections officers can utilize such technology to check inmate locations against predetermined schedules, to detect if rival gang members are in close proximity, to classify and track proximity of former intimate partners, single out those inmates with food allergies or health issues, and even identify if inmates who may attempt to move through the cafeteria line twice [17].

The results of the study indicated that RFID did not deter inmate misconduct, although the researchers articulated many issues that affected the results. Significant technological challenges abounded for the correctional facility as RFID tracking was implemented and included system inoperability, signal interference (e.g. “blind spots” where bracelets could not be detected), and transmission problems [18] [17].

H. Social Concerns

Social concerns plague epidermal electronics for nonmedical purposes [19]. In the United States, many states have crafted legislation to balance the potential benefits of RFID technology with the disadvantages associated with privacy and security concerns [20]. California, Georgia, Missouri, North Dakota, and Wisconsin are among states in the U.S. which have passed legislation to prohibit forced implantation of RFID in humans [21]. The “Microchip Consent Act of 2010”, which became effective on July 1, 2010 in the state of Georgia, not only stated that no person shall be required to be implanted with a microchip (regardless of a state of emergency), but also that voluntary implantation of any microchip may only be performed by a physician under the authority of the Georgia Composite Medical Board.

Through the work of Rodata and Capurro in 2005, the European Group on Ethics in Science and New Technologies to the European Commission, examined the ethical questions arising from science and new technologies. The role of the opinion was to raise awareness concerning the dilemmas created by both medical and non-medical implants in humans which affect the intimate relation between bodily and psychic functions basic to our personal identity [22]. The opinion stated that Information and Communications Technology implants, should not be used to manipulate mental functions or to change a personal identity. Additionally, the opinion stated that principles of data protection must be applied to protect personal data embedded in implants [23]. The implants were identified in the opinion as a threat to human dignity when used for surveillance purposes, although the opinion stated that this might be justifiable for security and/or safety reasons [24].

I. Increased Levels of Willingness to Adopt: 2005–2010

Researchers continue to investigate social acceptance of the implantation of this technology into human bodies. In 2006, researchers reported higher levels of acceptance of the implantation of a chip within their bodies, when college students perceived benefits from this technology [25]. Utilizing the same questions posed in 2005 to college students attending both private and public institutions of higher education by the aforementioned researchers, the researchers once again in 2010 investigated levels of willingness to implant RFID chips to understand if there were shifts in levels of willingness of college students to implant RFID chips for various reasons [25] [26]. In both studies, students were asked: “How willing would you be to implant an RFID chip in your body as a method (to reduce identity theft, as a potential lifesaving device, to increase national security)?” A 5-point Likert-type scale was utilized varying from “Strongly Unwilling” to “Strongly Willing”. Comparisons of the 2005 results of the study to the results of the 2010 research revealed shifts in levels of willingness of college students. A shift was evident; levels of willingness moved from unwillingness toward either neutrality or willingness to implant a chip in the human body to reduce identity theft, as a potential lifesaving device, and to increase national security. Levels of unwillingness decreased for all aforementioned areas as follows [26]. Between 2005 and 2010, the unwillingness (“Strongly unwilling” and “Somewhat unwilling”) of college students to implant an RFID chip into their bodies decreased by 22.4% when considering RFID implants as method to reduce identity theft, decreased by 19.9% when considering RFID implants as a potential lifesaving device, and decreased by 16.3% when considering RFID implants to increase national security [26].

J. RFID Implant Study: German Tech Conference Delegates

A 2010 survey of individuals attending a technology conference conducted by BITKOM, a German information technology industry lobby group, reported 23% of 1000 respondents would be prepared to have a chip inserted under their skin for certain benefits; 72% of respondents, however, reported they would not allow implantation of a chip under any circumstances. Sixteen percent (16%) of respondents reported they would accept an implant to allow emergency services to rescue them more quickly in the event of a fire or accident [27].

K. Ask India: Are Implants a More Secure Technology?

Previously, researchers reported a significant chi-square analysis relative to countries of residence and perceptions of chip implants as a more secure technology for identification/access control in organizations. More than expected (46 vs. 19.8; adjusted residual = 7.5), participants from India responded “yes” to implants as a more secure technology. When compared against the other countries in the study, fewer residents from the UK responded “yes” than expected (9 vs. 19.8), and fewer residents from the USA responded “yes” than expected (11 vs. 20.9). In rank order, the countries contributing to this significant relationship were India, the UK and the USA; no such differences in opinion were found for respondents from Australia. [28].

Due to heightened security threats, there appears to be a surge in demand for security in India [29][30]. A progression of mass-casualty assaults that have been carried out by extremist Pakistani nationals against hotels and government buildings in India has brought more awareness to the potential threats against less secure establishments [30]. The government is working to institute security measures at the individual level with a form of national ID cards that will house key biometric data of the individual. In the local and regional settings, technological infrastructure is developing rapidly in metro and non-metro areas because of the increase of MNCs (multi-national corporations) now locating in India. Although the neighborhood “chowkiddaaar” (human guard/watchman) was previously a more popular security measure for localized security, advances in, and reliability and availability of, security technology is believed to be affecting the adoption of electronic access security as a replacement to the more traditional security measures [29] [30].

L. Prediction of Adoption of Technology

Many models have been developed and utilized to understand factors that affect the acceptance of technology such as: The Moguls Model of Computing by Ndubisi, Gupta, and Ndubisi in 2005, Diffusion of Innovation Theory by Rogers in 1983; Theory of Planned Behavior by Ajzen in 1991; The Model of PC Utilization attributed to Thompson, Higgins, and Howell in 1991, Protection Motivation Theory (PMT) by Rogers in 1985, and the Theory of Reasoned Action attributed to Fischbein & Ajzen in 1975, and with additional revisions by the same in 1980 [31].

Researchers in Berlin, Germany investigated consumers' reactions to RFID in retail. After viewing an introductory stimulus film about RFID services in retail, participants evaluated the technology and potential privacy mechanisms. Participants were asked to rate on a five point Likert-type scale (ranging from “not at all sensitive” to “extremely sensitive”) their attitudes toward privacy with such statements as: “Generally, I want to disclose the least amount of data about myself.” Or “To me it is irrelevant if somebody knows what I buy for my daily needs.” In the study, participants reported moderate privacy awareness  and interestingly, participants reported a moderate expectation that legal regulations will result in sufficient privacy protection . Results showed that the extent to which people view the protection of their privacy strongly influences how willing people will be to accept RFID in retail. Participants were aware of privacy problems with RFID-based services, however, if retailers articulate that they value the customers' privacy, participants appeared more likely to adopt the technology. Thus, privacy protection (and the communication of it) was found to be an essential element of RFID rollouts [32].

SECTION III. Methodology

This quantitative, descriptive study investigated if there were relationships between countries of residence with respect to perceived barriers of RFID chip implants in humans for identification and access control purposes in organizations. The survey took place between April 4, 2011 and April 18, 2011. It took an average of 10 minutes to complete each online survey. Participants, who are small business owners  within four countries including Australia , India , UK , and the USA , were asked “As a senior executive, what do you believe are the greatest barriers in instituting chip implants for access control in organizations?” Relative to gender, 51.9% of participants are male; 48.1% are female. The age of participants ranged from 18 to 71 years of age; the mean age was 44 and the median age was 45. Eighty percent of organizations surveyed had less than 5 employees. Table I shows the survey participant's industry sector.

Table I Senior executive's industry sector

Table I Senior executive's industry sector

The study employed one instrument that collected key data relative to the business profile, the currently utilized technologies for identification and access control at the organization, and the senior executives' perceptions of RFID implants in humans for identification and access control in organizations. Twenty-five percent of the small business owners that participated in the survey said they had electronic ID access to their premises. Twenty percent of small business owner employee ID cards came equipped with a photograph, and less than five percent stated they had a security breach in the 12 months preceding the study.

Descriptive statistics, including frequency counts and measures of central tendency, were run and chi-square analysis was conducted to examine if there were relationships between the respondents' countries and each of the perceived barriers in instituting microchips in humans.

SECTION IV. Findings

There was a significant relationship reported relative to respondents' countries for each of three of the six choices provided in the multi-chotomous question: “As a senior executive, what do you believe are the greatest barriers in instituting chip implants for access control in organizations?”

A. Barrier: Technological Issues

The significant chi-square analysis  indicated that there was a relationship between the respondents' countries and the perceived barrier of technological issues. Using the rule of identifying adjusted residuals greater than 2.0, examination of the adjusted residuals indicated that the relationship was created when more than expected participants from India selected “technological issues (RFID is inherently an insecure technology)” as a barrier in instituting chip implants (45 vs. 31.1; adjusted residual 3.4).

B. Barrier: Philosophical Issues

The second significant chi-square analysis , df = 3,  indicated that there was a relationship between the respondents' countries and the perceived barrier of philosophical issues (right of control over one's body). An examination of the adjusted residuals indicated that the relationship was mostly created when fewer than expected participants from India selected philosophical issues as a barrier in instituting chip implants (37 vs. 61.3; adjusted residual 5.3). In addition, more residents from Australia than expected (78 vs. 62.9; adjusted residual 3.3) selected philosophical issues as a barrier. In rank order, the countries contributing to this significant relationship were India, followed by Australia; no such differences in opinion were found for respondents from UK and the USA.

C. Barrier: Health Issues

The third significant chi-square analysis  indicated there was a relationship between the respondents' countries and the perceived barrier of health issues (unknown risks related to implants). An examination of the adjusted residuals indicated that the relationship was mostly created when more than expected residents of India selected health issues as a barrier in instituting chip implants (57 vs. 43.3; adjusted residual 3.1). In addition, fewer residents from America than expected (36 vs. 45.7; adjusted residual 2.1) selected health issues as a barrier. In rank order, the countries contributing to this significant relationship were India, followed by the USA; no such differences in opinion were found for respondents from Australia and the UK.

D. Barrier: Social Issues, Religious Issues, and Cultural Issues

There were no significant chi-square analyses reported with respect to respondents' countries and social issues (digital divide), religious issues (mark of the beast), and cultural issues (incisions into the skin are taboo). Thus, in this study the researchers concluded no such differences in opinion were found for respondents' countries of residence and the barriers of social issues, religious issues, and cultural issues.

E. Statistical Summary

When asked whether or not, radiofrequency identification (RFID) transponders surgically implanted beneath the skin of an employee would be a more secure technology for instituting employee identification in the organization, only eighteen percent believed so. When asked subsequently about their opinion on how many staff in their organization would opt for an employee ID chip implant instead of the current technology if it were available, it was stated that eighty percent would not opt in. These figures are consistent with an in depth interview conducted with consultant Gary Retherford who was responsible for the first small business adoption of RFID implants for access control at Citywatcher.com in 2006 [33]–[34][35] In terms of the perceived barriers to instituting an RFID implant for access control in organizations, senior executives stated the following (in order of greatest to least barriers): 61% said health issues, 55% said philosophical issues, 43% said social issues; 36% said cultural issues; 31% said religious issues, and 28% said technological issues.

F. Open-Ended Question

When senior executives were asked if they themselves would adopt an RFID transponder surgically implanted beneath the skin the responses were summarized into three categories-no, unsure, and yes [36]. We present a representative list of these responses below with a future study focused on providing in depth qualitative content analysis.

1) No, I Would Not Get an RFID Implant

“No way would I. Animals are microchipped, not humans.”

“Absurd and unnecessary.”

“I absolutely would not have any such device implanted.”

“Hate it and object strongly.”

“No way.”h

“No thanks.”


“Absolutely creepy and unnecessary.”

“Would not consider it.”

“I would leave the job.”

“I don't like the idea one bit. The idea is abhorrent. It is invasive both physically and psychologically. I would never endorse it.”

“Would never have it done.”

“Disagree invading my body's privacy.”

“Absolutely vehemently opposed.”

“This proposal is a total violation of human rights.”

“Yeah right!! and get sent straight to hell! not this little black duck!”

“I do not believe you should put things in your body that God did not supply you with …”

“I wouldn't permit it. This is a disgraceful suggestion. The company does not OWN the employees. Slavery was abolished in developed countries more than 100 years ago. How dare you even suggest such a thing. You should be ashamed.”

“I would sooner stick pins in my eyeballs.”

“It's just !@;#%^-Nazi's???”

2) I am Unsure about Getting an RFID Implant

“A bit overkill for identification purposes.”


“Maybe there is an issue with OH&S and personal privacy concern.”


“Only if I was paid enough to do this, $100000 minimum.”

“Unsure, seems very robotic.”

“I'm not against this type of device but I would not use it simply for business security.”

“A little skeptical.”

“A little apprehensive about it.”

3) Yes, I would Get an RFID Implant

“Ok, but I would be afraid that it could be used by”

“outside world, say police.”


“It is a smart idea.”

“It would not be a problem for me, but I own the business so no philosophical issues for me.”

“I'd think it was pretty damn cool.”

SECTION V. Discussion: Perceived Barriers

A. Barrier: Technological Issues

The literature revealed many technological barriers for non-implantable chips; this study suggests this same barrier is also perceived for implantable chips and is likely to be related [37]. More than expected, Indian participants in this study selected technological issues (RFID is inherently an insecure technology) as a barrier in instituting chip implants for access control; no such differences of opinion were found for the other countries in the study. However, the literature revealed in other analyses, that more than expected Indian participants, answered “yes” when asked if implants are a more secure technology for instituting identification/access control in an organization. The findings appear to suggest that although Indian participants perceive RFID implants as a more secure technology when compared with other such methods as manual methods, paper-based, smartcards, or biometric/RFID cards, participants are likely to view this technology as undeveloped and still too emergent. Further research is needed to substantiate this conclusion, although a review of the literature revealed that RFID solution providers are already in abundance in India, with many new companies launching and at a rapid pace. Without standards and regulations, providers are unskilled and uneducated in the technology, providing solutions that often do not prove successful in implementation. Customers then deem the technology as inconsistent and ineffective in its current state. In addition, RFID players undercut each other, providing cheap pricing for cheap, underperforming hardware. Therefore, the preliminary conclusion of the researchers is that adoption of implants in India is likely to be inhibited not only now, but well into the future if the implementations of non-implantable RFID solutions continue to misrepresent the capabilities of the technology. It is likely that far afield to accepting implantable chips, individuals in India would need to be assured of consistency and effectiveness for RFID chip use in non-human applications.

B. Barrier: Philosophical Issues

Fewer than expected Indian participants selected philosophical issues (right of control over one's body) as a barrier; and more than expected, Australian participants selected this as a barrier. The researchers concluded that this is fertile ground for future research [38]. The deep cultural assumptions of each country are likely to influence participants' responses. In example, although Indian philosophies vary, many emphasize the continuity of the soul or spirit, rather than the temporary state of the flesh (the body). Further research would inform these findings through an exploration as to how and why participants in India versus participants in Australia perceive their own right of control over one's body.

C. Barrier: Health Issues

More than expected Indian participants selected health issues (unknown risks related to implants) as a barrier in instituting implants; and, fewer than expected American participants selected this as a barrier. The researchers conclude that these results may be a result of the perceived successes with the current usage of the technology. The literature revealed participants from India are experiencing poor implementations of the technology. Conversely, Americans are increasingly exposed to the use of surgically implanted chips in pets (often with no choice if the pet is adopted from a shelter) and with little or no health issues faced [39]. In addition, segments of the healthcare industry are advocating for RFID for use in the supply chain (e.g. blood supply) with much success. To inform these findings, further research is needed to explore how participants from each country describe the unknown risks related to implants.

SECTION VI. Conclusion

In conclusion, the authors recognize there are significant social implications relative to implanting chips in humans. Although voluntary chipping has been embraced by certain individuals, the chipping of humans is rare and remains mostly a topic of discussion and debate into the future. Privacy and security issues abound and are not to be minimized. However, in the future, we may see an increased demand for, and acceptance of, chipping, especially as the global environment intensifies. When considering the increase in natural disasters over the past two years, the rising tensions between nations such as those faced by India with terrorism by extremists from neighboring countries, and the recent contingency plans to enact border controls to mitigate refugees fleeing failing countries in the Eurozone, the tracking of humans may once again come to the forefront as it did post 9–11 when rescuers raced against the clock to locate survivors in the rubble.

India is of particular interest in this study; participants from this country contributed most in many of the analyses. India is categorized as a developing country (or newly industrialized country) and the second most populous country in the world. The government of India is already utilizing national identification cards housing biometrics, although the rollout has been delayed as officials work to solve issues around cards that can be stolen or misplaced, as well as how to prevent use fraudulently after the cardholder's death. Technological infrastructure is improving in even the more remote regions in India as MNCs (multi-national corporations) are locating business divisions in the country. The findings, set against the backdrop of the literature review, bring to light what seems to be an environment of people more than expected (statistically) open to (and possibly ready for) the technology of implants when compared with developed countries. However ill-informed RFID players in India are selling a low quality product. There appears to be lack of standards and insufficient knowledge of the technology with those who should know the most about the technology. Further research is necessary to not only understand the Indian perspective, but also to better understand the environment now and into the future.


1. K. Michael and M. G. Michael, "The Diffusion of RFID Implants for Access Control and ePayments: Case Study on Baja Beach Club in Barcelona, " in IEEE International Symposium on Technology and Society (ISTAS10), Wollongong, Australia, 2010, pp. 242-252.

2. K. Michael and M. G. Michael, "Implementing Namebers Using Microchip Implants: The Black Box Beneath The Skin, " in This Pervasive Day: The Potential and Perils of Pervasive Computing, J. Pitt, Ed., ed London, United Kingdom: Imperial College Press, 2012, pp. 163-203.

3. K. Michael and M. G. Michael, "The Social, Cultural, Religious and Ethical Implications of Automatic Identification, " in The Seventh International Conference on Electronic Commerce Research, Dallas, Texas, 2004, pp. 432-450.

4. M. G. Michael and K. Michael, "A note on uberveillance, " in From dataveillance to uberveillance and the realpolitik of the transparent society, K. Michael and M. G. Michael, Eds., ed Wollongong: University of Wollongong, 2006, pp. 9-25.

5. M. G. Michael and K. Michael, Eds., Uberveillance and the Social Implications of Microchip Implants (Advances in Human and Social Aspects of Technology. Hershey, PA: IGI Global, 2014.

6. J. Stokes. (2004, October 14, 2004). FDA approves implanted RFID chip for humans. Available: http://arstechnica.com/uncategorized/2004/10/4305-2/

7. K. Michael, et al., "Microchip Implants for Humans as Unique Identifiers: A Case Study on VeriChip, " in Conference on Ethics, Technology, and Identity, Delft, Netherlands, 2008.

8. K. Opam. (2011, August 22, 2011). RFID Implants Won't Rescue the People Kidnapped in Mexico. Available: http://gizmodo.com/5833237/rfid-implants-wont-work-if-youve-beenkidnapped-in-mexico

9. C. Swedberg. (2005, June 12, 2012). L.A. County Jail to track inmates. Available: http://www.rfidjournal.com/article/articleview/1601/1/1

10. F. Vara-Orta. (2012, May 31, 2012). Students will be tracked via chips in IDs. Available: http://www.mysanantonio.com/news/education/article/Students-willbe-tracked-via-chips-in-IDs-3584339.php#ixzz1vszm9Wn4

11. Newstaff. (November 27, 2012, May 13, 2014). Texas School: Judge Overturns Student's Expulsion over RFID Chip. Available: http://www.govtech.com/Texas-School-Wear-RFID-Chip-or-Get-Expelled.html

12. M. Gasson, "ICT implants: The invasive future of identity?, " Advances in Information and Communication Technology, vol. 262, pp. 287-295, 2008.

13. K. D. Stephan, et al., "Social Implications of Technology: Past, Present, and Future, " Proceedings of the IEEE, vol. 100, pp. 1752-1781 2012.

14. R. Kumar. (2011, June 1, 2012). India's Big RFID Adoption Challenges. Available: http://www.rfidjournal.com/article/articleview/8145/1/82/

15. L. Radha, "Deployment of RFID (Radio Frequency Identification) at Indian academic libraries: Issues and best practice. , " International Journal of Library and Information Science, vol. 3, pp. 34-37, 2011.

16. H. Saranga, et al. (2010, June 2, 2012). Scope for RFID Implementation in the Indian Auto Components Industry. Available: http://tejasiimb. org/articles/73.php

17. N. LaVigne, "An evaluability assessment of RFID use in correctional settings, " in Final report submitted to the National Institute of Justice, ed. Washington DC: USA, 2006.

18. R. Halberstadt and N. LaVigne, "Evaluating the use of radio frequency identification device (RFID) technology to prevent and investigate sexual assaults in a correctional setting, " The Prison Journal, vol. 91, pp. 227-249, 2011.

19. A. Masters and K. Michael, "Lend me your arms: The use and implications of humancentric RFID, " Electronic Commerce and Applications, vol. 6, pp. 29-39, 2007.

20. K. Albrecht and L. McIntyre, Spychips: How Major Corporations and Government Plan to Track Your Every Purchase and Watch Your Every Move. New York: Plume, 2006.

21. A. Friggieri, et al., "The Legal Ramifications of Microchipping People in the United States of America-A State Legislative Comparison, " in IEEE International Symposium on Technology and Society (ISTAS '09), Phoenix, Arizona, 2009.

22. G. G. Assembly. (2010, January 12, 2011). Senate Bill 235. Available: http://www1.legis.ga.gov/legis/2009-10/versions/sb235-As-passed-Se nate-5.htm

23. M. G. Michael and K. Michael, "Towards a State of Uberveillance, " IEEE Technology and Society Magazine, vol. 29, pp. 9-16, 2010.

24. S. Rodota and R. Capurro, "Opinion n020: Ethical aspects of ICT Implants in the human body, " in European Group on Ethics in Science and New Technologie (EGE), ed, 2005.

25. C. Perakslis and R. Wolk, "Social acceptance of RFID as a biometric security method, " IEEE Symposium on Technology and Society Magazine, vol. 25, pp. 34-42, 2006.

26. C. Perakslis, "Consumer Willingness to Adopt RFID Implants: Do Personality Factors Play a Role in the Acceptance of Uberveillance?, " in Uberveillance and the Social Implications of Microchip Implants, M. G. Michael and K. Michael, Eds., ed Hershey, PA: IGI Global, 2014, pp. 144-160.

27. A. Donoghue. (2010, March 2, 2010). CeBIT: Quarter Of Germans Happy To Have Chip Implants. Available: http://www.techweekeurope.co.uk/news/cebit-quarter-of-germanshappy-to-have-chip-implants-5590

28. R. Achille, et al., "Ethical Issues to consider for Microchip Implants in Humans, " Ethics in Biology, Engineering and Medicine vol. 3, pp. 77-91, 2012.

29. S. Das. (2009, May 1, 2012). Surveillance: Big Brothers Watching. Available: http://dqindia.ciol.commakesections.asp/09042401.asp

30. M. Krepon and N. Cohn. (2011, May 1, 2012). Crises in South Asia: Trends and Potential Consequences. Available: http://www.stimson.org/books-reports/crises-in-south-Asia-trends-Andconsequences

31. C. Jung, Psychological types. Princeton, NJ: Princeton University Press, 1923 (1971).

32. M. Rothensee and S. Spiekermann, "Between Extreme Rejection and Cautious Acceptance Consumers' Reactions to RFID-Based IS in Retail, " Science Computer Review, vol. 26, pp. 75-86, 2008.

33. K. Michael and M. G. Michael, "The Future Prospects of Embedded Microchips in Humans as Unique Identifiers: The Risks versus the Rewards, " Media, Culture &Society, vol. 35, pp. 78-86, 2013.

34. WND. (October 2, 2006, May 13, 2014). Employees Get Microchip Implants. Available: http://www.wnd.com/2006/02/34751/

35. K. Michael, "Citywatcher.com, " in Uberveillance and the Social Implications of Microchip Implants, M. G. Michael and K. Michael, Eds., ed Hershey, PA: IGI Global, 2014, pp. 133-143.

36. K. Michael, et al., "Microchip Implants for Employees in the Workplace: Findings from a Multi-Country Survey of Small Business Owners, " presented at the Surveillance and/in Everyday Life: Monitoring Pasts, Presents and Futures, University of Sydney, NSW, 2012.

37. M. N. Gasson, et al., "Human ICT Implants: Technical, Legal and Ethical Considerations, " in Information Technology and Law Series vol. 23, ed: Springer, 2012, p. 184.

38. S. O. Hansson, "Implant ethics, " Journal of Med Ethics, vol. 31, pp. 519-525, 2005.

39. K. Albrecht, "Microchip-induced tumours in laboratory rodents and dogs: A review of literature, " in Uberveillance and the Social Implications of Microchip Implants, M. G. Michael and K. Michael, Eds., ed Hershey, PA: IGI Global, 2014, pp. 281-318.

Keywords: Radiofrequency identification, Implants, Educational institutions, Organizations, Access control, Australia, transponders, authorisation, microprocessor chips, organisational aspects, radiofrequency identification, institutional microchips, perceived barriers, microchips implant, transnational study, small business owners, RFID transponders, radio frequency identification transponders, employee ID, chip implants,access control, organizations, chi-square analysis, technological issues, philosophical issues, health issues, religious issues, social issues, digital divide, cultural issues, USA, RFID, radio frequency identification, implants, microchips, uberveillance, barriers, access control, employee identification, security, small business, Australia, India, UK

Citation: Christine Perakslis, Katina Michael, M. G. Michael, Robert Gable, "Perceived barriers for implanting microchips in humans", 2014 IEEE Conference on Norbert Wiener in the 21st Century (21CW), Date of Conference: 24-26 June 2014, Date Added to IEEE Xplore: 08 September 2014. DOI: 10.1109/NORBERT.2014.6893929

Are microchip implants a more secure technology for identification and access control?


This mixed methods study with a sequential explanatory strategy explored qualitatively the statistically significant quantitative findings relative to Indian respondents' perceptions about RFID (radio frequency identification) transponders implanted into the human body. In the first analysis phase of the study, there was a significant chi-square analysis reported (χ2 = 56.64, df = 3, p = .000) relative to the perception of small business owners (N = 453) that implanted chips are a more secure form of identification and/or access control in organizations and the respondents' country of residence. Countries under study included Australia, India, the UK and US. The country contributing most to this significant relationship was India. Additionally, frequency data comparing the relationship of the respondents' generation and perceptions of implants as a more secure technology (yes - no) was examined. The significant chi-square (χ2 = 29.11, df = 2, p = .000) analysis indicated that there was a very significant relationship between the respondents' opinions and such generations as Baby Boomers (those born 1946 - 1965), Generation X (those born 1966-1980) and Generation Y (those born 1981-2000). The second analysis phase of the study explored qualitative data gleaned from open-ended questions asking Indian Millennials (born 1981-2000) about their feelings about being implanted with a chip. Over one third of the world's population is considered part of the Millennial generation. Of India's 1.2 billion people, approximately half are under the age of 25; that is, over 250 million are categorized as Millennials. Based on the quantitative and qualitative findings, researchers in this study concluded that three factors affect perceptions of RFID implants. One key factor is that Indian Millennials appear to describe more feelings of positivity and neutrality when compared with the two prior generations.


The purpose of this study was to explore and interpret qualitatively the statistically significant quantitative findings relative to Indian respondents' perceptions about RFID (radio frequency identification) transponders implanted into the human body for identification and access control purposes in organizations. RFID implants are defined as an omnipresent electronic surveillance, which utilize technology that makes it possible to implant devices into the human body to track the who, what, where, when, and how of human life [1]. The tiny RFID chip which can be implanted in the body is smaller than the size of a grain of rice. In the first phase of analysis, there was a very significant chi-square analysis  reported relative to the perception that surgically implanted chips are a more secure form of identification and/or access control and the respondents' country of residence. In the first phase, participants included small business owners  within four countries including the UK , the USA , Australia , and India . The country contributing most to this significant relationship was India. In rank order, the countries contributing to this significant relationship were India, the UK, and the USA; no such differences in opinion were found for respondents from Australia. The second phase of the study explored qualitative data relative to surgically implanted chips reported by a subsection of the aforementioned small business owners; data reported by those Indian small business owners categorized as Millennials  was analyzed, as well as data reported by Indian students  categorized as Millennials (born 1980–2000) and currently enrolled in a college or university.

The methodology of this study took into account an initial analysis of quantitative findings of a survey exploring if small business owners perceived RFID chip implants in humans as a more secure technology for employee identification. The researchers intended to investigate if country of residence and/or generation (i.e. a cohort of individuals who were born in the same date range and share similar cultural experience) may affect perceptions of RFID implants in humans. Quantitative analysis revealed more Indian small business owners than expected perceived chip implants as a more secure technology. Indian participants, therefore, became an increased focus to further investigate why this segment of the participants reported more openness to implants than expected. Additional quantitative analysis exploring perceptions about this emerging technology by generation revealed more Millennials than expected perceived implants as more secure technology and conversely, less than expected Baby Boomers. Millennials, therefore, became a increased focus to further investigate why this segment of the participants reported more openness to implants than expected. Therefore, to bring meaning to the quantitative findings and further explore openness, the researchers then began qualitative exploration of data from the same survey to investigate how Indian participants, and Millennials, in general, answered when asked how he/she “personally feel(s) about being implanted for ease of identification with your own organization” when contrasted against the comments of non-Indian and/or non-Millennials. Then, to further expand upon qualitative findings about openness to implants from the aforementioned survey, the researchers are in the process of conducting subsequent research of Indian Millennials who are enrolled in graduate studies, but not necessarily small business owners. These qualitative themes were taken into account for the conclusions as reported in this paper.

The authors present a brief review of the literature, key findings from the sequential study, and a discussion on possible implications of the findings. Professionals working in the field of emerging technologies could use these findings to better understand how such demographics as country of residence, as well as such psychographics as generational factors, may affect perceptions of chip implants for identification and access control purposes in organizations.

SECTION II. Review of Literature

A. Implants & Social Acceptance

RFID implants, also known as Uberveillance, are defined as an omnipresent electronic surveillance, which utilize technology that makes it possible to implant devices into the human body to track the who, what, where, when, and how of human life [1]. In 2004, the FDA (Food & Drug Administration) of the United States approved an implantable chip for use in humans in the U.S. The tiny RFID chip, which can be implanted in the body, is smaller than the size of a grain of rice. The implanted chip is being marketed as a potential method to detect and treat diseases, as well as a potential lifesaving device. If a person was brought to an emergency room unconscious, a scanner in the hospital doorway could read the person's unique ID on the implanted chip. The ID would then be used to unlock the medical records of the patient from a database. Authorized health professionals would then have access to all pertinent medical information of that individual (i.e. medical history, previous surgeries, allergies, heart condition, blood type, diabetes, etc.) to care for the patient aptly.

Recent technological developments are reaching new levels with the integration of silicon and biology; implanted devices can now interact directly with the brain [2]. Implantable devices for medical purposes are often believed highly beneficial to restore functions that were lost. Such current medical implants include cardiovascular pacers, cochlear and brainstem implants for patients with hearing disorders, implantable drug delivery pumps, implantable neurostimulation devices for such patients as those with urinary incontinence, chronic pain, or epilepsy, deep brain stimulation for patients with Parkinson's, and artificial chip-controlled legs [3].

Social concerns plague this technology [4]. In the United States, many states are crafting legislation to balance the potential benefits of RFID technology with the disadvantages associated with privacy and security concerns. California, Georgia, Missouri, North Dakota, and Wisconsin are among states in the U.S. which have passed legislation to prohibit forced implantation of RFID in humans [5]. The “Microchip Consent Act of 2010”, which became effective on July 1, 2010 in the state of Georgia, not only stated that no person shall be required to be implanted with a microchip (regardless of a state of emergency), but also that voluntary implantation of any microchip may only be performed by a physician under the authority of the Georgia Composite Medical Board [6].

Through the work of Rodata and Capurro (2005), the European Group on Ethics in Science and New Technologies to the European Commission, which examines ethical questions arising from science and new technologies, issued an opinion in 2005, primarily to raise awareness and dialogue concerning the dilemmas created by both medical and non-medical implants in humans which affect the intimate relation between bodily and psychic functions basic to our personal identity. The opinion stated that implants (referred to as ICT implants or Information & Communications Technology implants), should not be used to manipulate mental functions or to change a personal identity. Additionally, the opinion stated that principles of data protection must be applied to protect personal data embedded in implants. The implants were identified in the opinion as a threat to human dignity when used for surveillance purposes, although the opinion stated that this might be justifiable for security and/or safety reasons [7].

Researchers continue to investigate social acceptance of the implantation of this technology into human bodies. In 2006, Perakslis and Wolk reported higher levels of acceptance of the implantation of a chip within their bodies, when college students perceived benefits from this technology [8]. A 2010 survey by BITKOM, a German information technology industry lobby group, reported 23% of 1000 respondents would be prepared to have a chip inserted under their skin for certain benefits; 72% of respondents, however, reported they would not allow implantation of a chip under any circumstances. Sixteen percent (16%) of respondents reported they would accept an implant to allow emergency services to rescue them more quickly in the event of a fire or accident [9].

B. Shifts with Millennials: From Unwillingness toward Neutrality to Implant

Utilizing questions posed by researchers in 2005 to college students attending both private and public institutions of higher education, researchers once again investigated levels of willingness to implant RFID chips to understand if there were shifts in levels of willingness of college students to implant RFID chips for various reasons [8] [10]In both studies, students were asked: “How willing would you be to implant an RFID chip in your body as a method. (to reduce identity theft, as a potential lifesaving device, to increase national security)?” A 5-point Likert-type scale was utilized varying from “Strongly Unwilling” to “Strongly Willing”. Comparisons of the 2005 results of the study to the results of the 2010 research revealed shifts from unwillingness toward either neutrality or willingness to implant a chip in the human body to reduce identity theft, as a potential lifesaving device, and to increase national security. Levels of unwillingness decreased for all aforementioned areas as follows [10].

Between 2005 and 2010, the unwillingness (“Strongly unwilling” and “Somewhat unwilling”) of college students to implant an RFID chip into their bodies decreased by 22.4% (from 55% strongly & somewhat unwilling in 2005 to 32.6% strongly and somewhat unwilling in 2010) when considering RFID implants as method to reduce identity theft, decreased by 19.9% when considering RFID implants as a potential lifesaving device (from 42% strongly & somewhat unwilling in 2005 to 22.1% in 2010), and decreased by 16.3% (from 50% strongly and somewhat unwilling in 2005 to 33.7% in 2010) when considering RFID implants to increase national security [10].

C. Shifts with Millennials: More Willingness to Implant

Between 2005 and 2010, researchers reported that levels of willingness increased for all areas under study. The willingness (“strongly willing” and “somewhat willing”) of college students to implant an RFID chip into their bodies increased by 9.2% when considering RFID implants as method to reduce identity theft, increased 24.4% when considering RFID implants as a potential lifesaving device, and increased 10.1% when considering RFID implants to increase national security. Researchers (Perakslis, 2010) reported the most dramatic shift in willingness with college students appeared to be relative to implanting RFID chips for use as a potential lifesaving device. The willingness of college students in 2010 increased by 24.4%, shifting from less unwillingness (−19.9%), and less neutrality as well (−4.5%) [8] [9].

D. Shifts with Millennials: More Neutral/No Opinion

In the same study (Perakslis, 2010), there was a 13.2% increase of participants categorized as Millennials reporting “neutral/no opinion” about willingness to implant a chip to reduce identity theft, and a 6.2% increase relative to willingness to implant a chip to increase national security. Conversely, when asked about willingness to implant a chip as a potential lifesaving device, 6.2% fewer participants reported “neutral/no opinion” in 2010 when compared to 2005 [8] [10].

E. Millennials

Millennials, are also known as Generation Y, Gen-Yers, Echo Boomers, Generation Next, or the Net Generation [14]. This segment of the population is defined by the U.S. Bureau of Labor Statistics as those born between 1981 and 2000 [11], and they are the cohort following Generation X (born between 1966–1980), and Baby Boomers (born between 1946–1964) [11]. Over one third of the population of the world is categorized as part of the Millennial generation; there are more Millennials in India than the total populations of Germany, Spain, France, and the U.K. combined [12]. This generation is immersed in technology; 74% of Millennials polled, in a multicountry internet study  reported they are skilled to “handle whatever technology encountered” [12]. Technology need not be for utilitarian purposes; these individuals view technology as central to their way of life (32%) and use technology to express themselves creatively (36%). One of the most significant aspect of the life of a Millennial is to be diverse and accepting [12]. Speed and access are keys to engage these individuals; they are accustomed to having gadgets that allow them to be the always-connected generation [13]. Researchers report that 74% of those polled in this generation, reported it is important for them to be perceived as “someone who is accepting of people from other cultures”. Indian Millenials are believed to share similar traits to their counterparts across the world however, when compared with western peers Indian Millennials identify more strongly with their parents, traditions, and culture [12]. Howe and Strauss (2000) purported that this generation can be defined by seven core traits and they are: special, sheltered, confident, team-oriented, conventional, pressured, and achieving. The life mission of this generation is reported to be to build up new institutions rather than tear down old institutions that do not work [14].

F. Shifts in India

Due to heightened security threats, there is a surge in demand for security in India [15] [16]. A progression of mass-casualty assaults that have been carried out by extremist Pakistani nationals against hotels and government buildings in India has brought more awareness to the potential threats against less secure establishments [16]. The government is working to institute security measures at the individual level with a form of national ID cards that will house key biometric data of the individual [17]. In the local and regional settings, technological infrastructure is developing rapidly in metro and non-metro areas because of the increase of MNCs (multi-national corporations) now locating in India. Although the neighborhood chowkiddaaar (human watchman/guard) was previously a more popular security measure for localized security, advances in, and reliability and availability of, security technology is believed to be affecting the adoption of electronic access security as a replacement to the more traditional security measures [15] [16].

SECTION III. Methodology

This study used a mixed-methods design with a sequential explanatory strategy. The initial quantitative phase informed the qualitative phase; qualitative research was used to examine surprising quantitative results in more detail [18]. The first phase included participants who are small business owners  within four countries including the UK, the USA, Australia, and India. Chi-square analysis was conducted in this study to examine if there was a relationship between the perception that surgically implanted chips are a more secure technology, and the respondents' country of residence. Additionally, Chi-square analysis was conducted to examine if there was a significant relationship between the respondents' generations. Generations were defined as Millenials (1981–2000), Generation X (1965–1980) and Baby Boomers (1946–1964).

The second phase included analysis of qualitative data obtained through the aforementioned survey asking participants “How would you personally feel about being implanted for ease of identification with your own organization?” as well as a subsequent survey administered to Indian Millennial students who are enrolled in gradaute school, but not necessarily small business owners. The collection and analysis of data gleaned from the open-ended questions administered electronic surveys explored the perspective of Indians as well as Millennials relative to surgically implantable RFID transponders when compared to those participants who were non-Indian and/or non-Millennials. Participants included both Indian small business owners categorized as Millennials  and purposefully selected Indian students who were also Millennials and currently enrolled in a college or university .

SECTION IV. Findings

In the first phase of the study, the frequency data that compared the relationship of the country in which the respondent lives was examined as shown in Table 1. The country or residence was explored relative to perceptions of surgically implanted transponders beneath the skin of an employee as a more secure technology for employee identification (yes - no). The significant chi-square  indicated that there was a relationship between the respondents' opinions and their country. Using the rule of identifying adjusted residuals greater than 2.0 [19], examination of the adjusted residuals indicated that the relationship was mostly created when more residents from India responded “yes” than expected (46 vs. 19.8; adjusted residual = 7.5). In addition, fewer residents from the UK responded “yes” than expected (9 vs. 19.8), and fewer residents from the USA responded “yes” than expected (11 vs. 20.9). Thus, the researchers concluded that there was a relationship between the perception that surgically implanted chips are a more secure technology for instituting employee identification and the respondents' country. In rank order, the countries contributing to this significant relationship were India, the UK and the USA; no such differences in opinion were found for respondents from Australia.

Table 1

Table 1

Additionally in the first phase of the study, the frequency data that compared the relationship of the generation to which the respondent belongs and support of surgically implanted transponders beneath the skin of an employee as a more secure technology for employee identification (yes - no) was examined as shown in Table 2. The significant chi-square () indicated that there was a relationship between the respondents' opinions and the generation of Baby Boomers, Generation X, or Generation Y, as defined by the Bureau of Labor Statistics. Using the rule of identifying adjusted residuals greater than 2.0 [19], examination of the adjusted residuals indicated that the relationship was mostly created when fewer participants categorized as Baby Boomers responded “yes” than expected (16 vs. 35; adjusted residual = 4.7). In addition, more participants categorized as Millennials responded “yes” than expected (31 vs. 16.5). Thus, the researchers concluded that there was a relationship between the perception that surgically implanted chips are a more secure technology for instituting employee identification and the respondents' generation. In rank order, the generations contributing to this significant relationship were Baby Boomers, and then the Millennials; no such differences in opinion were found for respondents who are categorized as Generation X.

Table 2

Table 2

In the second phase of the study, data from two surveys were gleaned. Data from the first questionnaire that was administered to small business owners was collected concurrently during the quantitative phase. A second questionnaire with open-ended questions was then subsequently administered to Indian Millennial students enrolled in colleges or universities. These findings allowed the researchers to better understand the meaning attached by Indian Millennials when they considered being chipped personally. Participants were asked “How would you personally feel about being implanted for ease of identification with your own organization?” Data was analyzed and four major themes emerged: 1) positive perceptions of being chipped relative to innovation, 2) positive perceptions of being chipped corresponding to security, 3) ambivalence when considering chip implants; and 4) openness to being chipped.

Compared to qualitative data from other generations, few of the Indian Millennial participants expressed negative comments and those participants who did express unwillingness did so in a mild manner. These comments included, “It will be easy, but I don't prefer (RFID implants)” and “I won't agree to it”.

When considering the theme of positive perceptions relating to innovation, one Indian Millennial participant stated, “It is good to use a new technology” and another stated, “It is a new concept, but I like the concept”. One participant succinctly stated implants are a “good innovation.”

When considering the theme of RFID implants perceived as positive and corresponding to security, participants' comments included, “It is very secure and is very useful in our organization” and “(I would) feel secure”. Some participants attached the feelings of security to specific aspects of an organization with comments such as “…it would make me feel secure about my work and position” and “This creates security regards [sic] to business”.

When considering the theme of ambivalence, Indian Millennial participants expressed a concurrent mix of positive and negative sentiments with such comments as “It is very useful, but at the same time it is also risky” and “It is good, but the need for such high security measures is something unnecessary…” Neutrality was evident when Millennials reported, “I don't know (how I feel about being chipped).” And such comments as: “(I) don't care” or “I do not feel anything (for this technology)…”

When considering the theme of openness of Indian Millennials to personally being chipped, Millennials said, “Not yet, (will) think about it” and “I'm open to the idea of getting an implant.” One respondent wrote, “never opted for the idea, but surely would like to try it.” Additionally, another participant shared “I don't think I have a problem with implantation” and another succinctly noted “Cool”.

SECTION V. Discussion

More than expected, Indian participants overall, perceived implants as a more secure technology for identification/access control in this study. Also, more than expected, participants categorized as part of the Millennial generation (born 1981–2000) overall, perceived implants as a more secure technology for identification/access control; conversely, fewer Baby Boomers than expected perceived implants as a more secure technology for identification/access control. This created the impetus for the researchers to explore how Indian participants who are categorized as Millennials would describe their feelings when considering getting an RFID implant.

When using data from open ended questions to bring meaning to the quantitative findings, Indian Millennials frequently expressed and/or attached positive or neutral meanings when describing how they feel about this emerging technology. This is in line with previous research (Perakslis, 2010) that investigated changes between 2005 and 2010 in levels of willingness to adopt an implant. The longitudinal research showed that in 2010, Millennials reported neutrality of opinion (“no opinion/neutral”) 13.2% more (from 11% of participants reporting neutral opinions in 2005 to 24.2% in 2010) when asked about willingness to implant a chip to reduce identity theft and 6.2% more (from 18% of participants reporting neutral opinions in 2005 to 24.2% in 2010) when asked about willingness to implant a chip to increase national security when compared to findings in 2005. Surprisingly, these participants were the only generation to convey noteworthy expressions of neutrality when compared with participants belonging to Generation X and/or Baby Boomers.

Thus, the researchers conclude three factors may affect perceptions about RFID implants as a more secure technology for identification and access control purposes. These are: 1) one's country of residence may inform perceptions, 2) generational factors may affect one's perception; and 3) participants whose country of residence was India and who are also categorized as Millennials describe more positive feelings generally, less negative feelings overall, and more neutral feelings about this technology when compared with the two prior generations.

SECTION VI. Conclusion

In conclusion, the researchers purport that such demographics as country of residence, as well as such psychographics as generational factors appear to affect perceptions of chip implants for identification and access control purposes in organizations. One limitation to this study could have been the psychographics of the participants; small business owners are often believed to be risk-takers and may exhibit more openness [20]. A second limitation to this study may be related to the timing of the data collection; there was a heightened awareness in India to security threats. A third limitation to this study may be related to religious beliefs; the researchers did not control for religious beliefs of participants in this study.


The authors acknowledge the financial support from the Institute for Innovation in Business and Social Research for the electronic survey that was deployed to four countries. In addition, we recognize the contributions of Dr. Felice Billups, Dr. Robert Gable, both of Johnson & Wales University, Dr. Michael Michael, formerly of the University of Wollongong, and the late Dr. Robert Wolk, formerly of Bridgewater State University, who was a long-time IEEE_SSIT member and coauthored one of the first published surveys on microchip implants in IEEE Technology and Society Magazine in 2006. This study is done, in large part, to fulfill Dr. Wolk's wishes to continue to investigate the social implications of such emerging technologies.

IEEE Keywords: Implants, Sociology, Radiofrequency identification, Educational institutions, Business, Access control, transponders, authorisation, biomedical electronics, microprocessor chips, organisational aspects,radiofrequency identification, statistical analysis, RFID implants, Indian millennials, microchip implants, secure technology, access control, sequential explanatory strategy, quantitative findings, Indian respondents perceptions, RFID transponders, radio frequency identification transponders, chi-square analysis, small business owners, organizations,frequency data, millennial generation, employee identification, RFID, radio frequency identification, microchips, surgically implanted chips,India, surveillance, access control

Citation: Christine Perakslis, Katina Michael, 2012, "Indian Millennials: Are microchip implants a more secure technology for identification and access control?", 2012 IEEE Conference on Technology and Society in Asia (T&SA), 27-29 Oct. 2012, DOI: 10.1109/TSAsia.2012.6397977

Heaven and Hell: Visions for Pervasive Adaptation


With everyday objects becoming increasingly smart and the “info-sphere” being enriched with nano-sensors and networked to computationally-enabled devices and services, the way we interact with our environment has changed significantly, and will continue to change rapidly in the next few years. Being user-centric, novel systems will tune their behaviour to individuals, taking into account users’ personal characteristics and preferences. But having a pervasive adaptive environment that understands and supports us “behaving naturally” with all its tempting charm and usability, may also bring latent risks, as we seamlessly give up our privacy (and also personal control) to a pervasive world of business-oriented goals of which we simply may be unaware.

1. Visions of pervasive adaptive technologies

This session considered some implications for the future, inviting participants to evaluate alternative utopian/dystopian visions of pervasive adaptive technologies. It was designed to appeal to anyone interested in the personal, social, economic and political impacts of pervasive, ubiquitous and adaptive computing.

The session was sponsored by projects from the FET Proactive Initiative on Pervasive Adaptation (PerAda), which targets technologies and design methodologies for pervasive information and communication systems capable of autonomously adapting in dynamic environments. The session was based on themes from the PerAda book entitled “This Pervasive Day”, to be published in 2011 by Imperial College Press, which includes several authors from the PerAda projects, who are technology experts in artificial intelligence, adaptive systems, ambient environments, and pervasive computing. The book offers visions of “user heaven” and “user hell”, describing technological benefits and useful applications of pervasive adaptation, but also potential threats of technology. For example, positive advances in sensor networks, affective computing and the ability to improve user-behaviour modeling using predictive analytics could be offset by results that ensure that neither our behaviour, nor our preferences, nor even our feelings will be exempt from being sensed, digitised, stored, shared, and even sold. Other potentially undesirable outcomes to privacy, basic freedoms (of expression, representation, demonstration etc.), and even human rights could emerge.

One of the major challenges, therefore, is how to improve pervasive technology (still in its immature phase) in order to optimise benefits and reduce the risks of negative effects. Increasingly FET research projects are asked to focus on the social and economic impacts of science and technology, and this session aimed to engage scientists in wider issues, and consider some of the less attractive effects as well as the benefits from pervasive adaptation. Future and emerging technology research should focus on the social and economic impacts of practical applications. The prospect of intelligent services increasingly usurping user preferences as well as a certain measure of human control creates challenges across a wide range of fields.

2. Format

The networking session took the form of a live debate, primed by several short “starter” talks by “This Pervasive Day” authors who each outlined “heaven and hell” scenarios. The session was chaired by Ben Paechter, Edinburgh Napier University, and coordinator of the PerAda coordination action. The other speakers were as follows:

Pervasive Adaptation and Design Contractualism.

Jeremy Pitt, Imperial College London, UK, editor of “This Pervasive Day”.

This presentation described some of the new channels, applications and affordances for pervasive computing and stressed the need to revisit the user-centric viewpoint of the domain of Human-Computer Interaction. In dealing with the issues of security and trust in such complex systems, capable of widespread data gathering and storage, Pitt suggested that there is a requirement for Design Contractualism, where the designer makes moral and ethical judgments and encodes them in the system. No privacy or security model is of any value if the system developers will not respect the implicit social contract on which the model depends.

Micro-chipping People, The Risk vs Reward Debate

Katina Michael, University of Wollongong, Australia

Michael discussed the rise of RFID chip implantation in people as a surveillance mechanism, making comparisons with the CCTV cameras that are becoming commonplace in streets and buildings worldwide. These devices are heralding in an age of “Uberveillance”, she claims, with corporations, governments and individuals being increasingly tempted to read and record the biometric and locative data of other individuals. This constant tracking of location and monitoring of physical condition raises serious questions concerning security and privacy that researchers will have to face in the near future.

Who is more adaptive: the technology or ourselves?

Nikola Serbedzija, Fraunhofer FIRST, Germany

Serbedzija discussed how today's widespread information technologies may be affecting how we are as humans. We are now entering a world where information is replacing materiality, and where control over our individual data allows us to construct ourselves as we wish to be seen by others. Serbedzija then presented examples of research into ethically critical systems, including a reflective approach to designing empathetic systems that use our personal, physical data to assist us in our activities, for example as vehicle co-driving situations.

3. Conclusion

Following the presentations, the discussion was opened out and panellists answered questions from conference delegates. This was augmented by the use of a “tweet wall” which was open to delegates to send comments and opinions using a Twitter account. This was displayed on screen during the discussion session.

Keywords: Pervasive adaptation, ubiquitous computing, sensor networks, affective computing, privacy, security

Citation: Ben Paechter, Jeremy Pitt, Nikola Serbedzija, Katina Michael, Jennifer Willies, Ingi Helgasona, 2011, "Heaven and Hell: Visions for Pervasive Adaptation", Procedia Computer Science: The European Future Technologies Conference and Exhibition 2011, Vol. 7, pp. 81-82, DOI: https://doi.org/10.1016/j.procs.2011.12.025

Toward a State of Überveillance


Überveillance is an emerging concept, and neither its application nor its power have yet fully arrived [38]. For some time, Roger Clarke's [12, p. 498] 1988 dataveillance concept has been prevalent: the “systematic use of personal data systems in the investigation or monitoring of the actions of one or more persons.”

Almost twenty years on, technology has developed so much and the national security context has altered so greatly [52], that there is a pressing need to formulate a new term to convey both the present reality, and the Realpolitik (policy primarily based on power) of our times. However, if it had not been for dataveillance, überveillance could not be. It must be emphasized that dataveillance will always exist - it will provide the scorecard for the engine being used to fulfill überveillance.

Dataveillance to Überveillance

Überveillance takes that which was static or discrete in the dataveillance world, and makes it constant and embedded. Consider überveillance not only automatic and having to do with identification, but also about real-time location tracking and condition monitoring. That is, überveillance connotes the ability to automatically locate and identify - in essence the ability to perform automatic location identification (ALI). Überveillance has to do with the fundamental who (ID), where (location), and when (time) questions in an attempt to derive why (motivation), what (result), and even how (method/plan/thought). Überveillance can be a predictive mechanism for a person's expected behavior, traits, likes, or dislikes; or it can be based on historical fact; or it can be something in between. The inherent problem with überveillance is that facts do not always add up to truth (i.e., as in the case of an exclusive disjunction T + T = F), and predictions based on überveillance are not always correct.

Überveillance is more than closed circuit television feeds, or cross-agency databases linked to national identity cards, or biometrics and ePassports used for international travel. Überveillance is the sum total of all these types of surveillance and the deliberate integration of an individual's personal data for the continuous tracking and monitoring of identity and location in real time. In its ultimate form, überveillance has to do with more than automatic identification technologies that we carry with us. It has to do with under-the-skin technology that is embedded in the body, such as microchip implants; it is that which cuts into the flesh - a charagma (mark) [61]. Think of it as Big Brother on the inside looking out. This charagma is virtually meaningless without the hybrid network architecture that supports its functionality: making the person a walking online node i.e., beyond luggable netbooks, smart phones, and contactless cards. We are referring here to the lowest common denominator, the smallest unit of tracking - presently a tiny chip inside the body of a human being, which could one day work similarly to the black box.

Implants cannot be left behind, cannot be lost, and supposedly cannot be tampered with; they are always on, can link to objects, and make the person seemingly otherworldly. This act of “chipification” is best illustrated by the ever-increasing uses of implant devices for medical prosthesis and for diagnostics [54]. Humancentric implants are giving rise to the Electrophorus [36, p. 313], the bearer of electric technology; an individual entity very different from the sci-fi notion of Cyborg as portrayed in such popular television series as the Six Million Dollar Man (1974–1978). In its current state, the Electrophorus relies on a device being triggered wirelessly when it enters an electromagnetic field; these properties now mean that systems can interact with people within a spatial dimension, unobtrusively [62]. And it is surely not simple coincidence that alongside überveillance we are witnessing the philosophical reawakening (throughout most of the fundamental streams running through our culture) of Nietzsche's Übermensch - the overcoming of the “all-too-human” [25].

Legal and Ethical Issues

In 2005 the European Group on Ethics (EGE) in Science and New Technologies, established by the European Commission (EC), submitted an Opinion on ICT implants in the human body [45]. The thirty-four page document outlines legal and ethical issues having to do with ICT implants, and is based on the European Union Treaty (Article 6) which has to do with the “fundamental rights” of the individual. Fundamental rights have to do with human dignity, the right to the integrity of the person, and the protection of personal data. From the legal perspective the following was ascertained [45, pp. 20–21]:

  • the existence of a recognised serious but uncertain risk, currently applying to the simplest types of ICT implants in the human body, requires application of the precautionary principle. In particular, one should distinguish between active and passive implants, reversible and irreversible implants, and between offline and online implants;
  • the purpose specification principle mandates at least a distinction between medical and non-medical applications. However, medical applications should also be evaluated stringently, partly to prevent them from being invoked as a means to legitimize other types of application;
  • the data minimization principle rules out the lawfulness of ICT implants that are only aimed at identifying patients, if they can be replaced by less invasive and equally secure tools;
  • the proportionality principle rules out the lawfulness of implants such as those that are used, for instance, exclusively to facilitate entrance to public premises;
  • the principle of integrity and inviolability of the body rules out that the data subject's consent is sufficient to allow all kinds of implant to be deployed; and
  • the dignity principle prohibits transformation of the body into an object that can be manipulated and controlled remotely - into a mere source of information.

ICT implants for non-medical purposes violate fundamental legal principles. ICT implants also have numerous ethical issues, including the requirement for: non-instrumentalization, privacy, non-discrimination, informed consent, equity, and the precautionary principle (see also [8], [27], [29]). It should be stated, however, that the EGE, while not recommending ICT implants for non-medical applications because they are fundamentally fraught with legal and ethical issues, did state the following [45, p. 32]:

ICT implants for surveillance in particular threaten human dignity. They could be used by state authorities, individuals and groups to increase their power over others. The implants could be used to locate people (and also to retrieve other kinds of information about them). This might be justified for security reasons (early release for prisoners) or for safety reasons (location of vulnerable children).

However, the EGE insists that such surveillance applications of ICT implants may only be permitted if the legislator considers that there is an urgent and justified necessity in a democratic society (Article 8 of the Human Rights Convention) and there are no less intrusive methods. Nevertheless the EGE does not favor such uses and considers that surveillance applications, under all circumstances, must be specified in legislation. Surveillance procedures in individual cases should be approved and monitored by an independent court.

The same general principles should apply to the use of ICT implants for military purposes. Although this Opinion was certainly useful, we have growing concerns about the development of the information society, the lack of public debate and awareness regarding this emerging technology, and the pressing need for regulation that has not occurred commensurate to developments in this domain.

Herein rests the problem of human rights and striking a “balance” between freedom, security, and justice. First, we contend that it is a fallacy to speak of a balance. In the microchip implant scenario, there will never be a balance, so long as someone else has the potential to control the implant device or the stored data about us that is linked to the device. Second, we are living in a period where chip implants for the purposes of segregation are being discussed seriously by health officials and politicians. We are speaking here of the identification of groups of people in the name of “health management” or “national security.” We will almost certainly witness new, and more fixed forms, of “electronic apartheid.”

Consider the very real case where the “Papua Legislative Council was deliberating a regulation that would see microchips implanted in people living with HIV/AIDS so authorities could monitor their actions” [50]. Similar discussions on “registration” were held regarding asylum seekers and illegal immigrants in the European Union [18]. RFID implants or the “tagging” of populations in Asia (e.g., Singapore) were also considered “the next step” in the containment and eradication of the Severe Acute Respiratory Syndrome (SARS) in 2003 [43]. Apart from disease outbreaks, RFID has also been discussed as a response and recovery device for emergency services personnel dispatched to terrorist disasters [6], and for the identification of victims of natural disasters, such as in the case of the Boxing Day Tsunami [10]. The question remains whether there is a truly legitimate use function of chip implants for the purposes of emergency management as opposed to other applications. Definition plays a critical role in this instance. A similar debate has ensued in the use of the Schengen Information System II in the European Union where differing states have recorded alerts on individuals based on their understanding of a security risk [17].

In June of 2006, legislative analyst Anthony Gad, reported in brief 06-13 for the Legislative Reference Bureau [16], that the:

2005 Wisconsin Act 482, passed by the legislature and signed by Governor Jim Doyle on May 30, 2006, prohibits the required implanting of microchips in humans. It is the first law of its kind in the nation reflecting a proactive attempt to prevent potential abuses of this emergent technology.

A number of states in the United States have passed similar laws [63], despite the fact that at the national level, the U.S. Food and Drug Administration [15] has allowed radio frequency identification implants for medical use in humans. The Wisconsin Act [59] states:

The people of the state of Wisconsin, represented in senate and assembly, do enact as follows: SECTION 1. 146.25 of the statutes is created to read: 146.25 Required implanting of microchip prohibited. (1) No person may require an individual to undergo the implanting of a microchip. (2) Any person who violates sub. (1) may be required to forfeit not more than $10,000. Each day of continued violation constitutes a separate offense.

North Dakota followed Wisconsin's example. Wisconsin Governor Hoeven signed a two sentence bill into state law on April 4, 2007. The bill was criticized by some who said that while it protected citizens from being “injected” with an implant, it did not prevent someone from making them swallow it [51]. And indeed, there are now a number of swallowable capsule technologies for a variety of purposes that have been patented in the U.S. and worldwide. As with a number of other states, California Governor Arnold Schwarzenegger signed bill SB 362 proposed by state Senator Joe Simitian barring “employers and others from forcing people to have a radio frequency identification (RFID) device implanted under their skin” [28], [60]. According to the Californian Office of Privacy Protection [9] this bill

… would prohibit a person from requiring any other individual to undergo the subcutaneous implanting of an identification device. It would allow an aggrieved party to bring an action against a violator for injunctive relief or for the assessment of civil penalties to be determined by the court.

The bill, which went into effect January 1, 2008, did not receive support from the technology industry on the contention that it was “unnecessary.”

Interestingly, however, it is in the United States that most chip implant applications have occurred, despite the calls for caution. The first human-implantable passive RFID microchip (the VeriChipTM) was approved for medical use in October of 2004 by the U.S. Food and Drug Administration. Nine hundred hospitals across the United States have registered the VeriChip's VeriMed system, and now the corporation's focus has moved to “patient enrollment” including people with diabetes, Alzheimer's, and dementia [14]. The VeriMedTM Patient Identification System is used for “rapidly and accurately identifying people who arrive in an emergency room and are unable to communicate” [56].

In February of 2006 [55], CityWatcher.com reported two of its employees had “glass encapsulated microchips with miniature antennas embedded in their forearms … merely a way of restricting access to vaults that held sensitive data and images for police departments, a layer of security beyond key cards and clearance codes.” Implants may soon be applied to the corrective services sector [44]. In 2002, 27 of 50 American states were using some form of satellite surveillance to monitor parolees. Similar schemes have been used in Sweden since 1994. In the majority of cases, parolees wear wireless wrist or ankle bracelets and carry small boxes containing the vital tracking and positioning technology. The positioning transmitter emits a constant signal that is monitored at a central location [33]. Despite continued claims by researchers that RFID is only used for identification purposes, Health Data Management disclosed that VeriChip (the primary commercial RFID implant patient ID provider) had enhanced its patient wander application by adding the ability to follow the “real-time location of patients, the ability to define containment areas for different classes of patients, and one-touch alerting. The system now also features the ability to track equipment in addition to patients” [19]. A number of these issues have moved the American Medical Association to produce an ethics code for RFID chip implants [4], [41], [47].

Outside the U.S., we find several applications for human-centric RFID. VeriChip's Scott Silverman stated in 2004 that 7000 chip implants had been given to distributors [57]. Today the number of VeriChip implantees worldwide is estimated to be at about 2000. So where did all these chips go? As far back as 2004, a nightclub in Barcelona, Spain [11] and Rotterdam, The Netherlands, known as the Baja Beach Club was offering “its VIP clients the opportunity to have a syringeinjected microchip implanted in their upper arms that not only [gave] them special access to VIP lounges, but also [acted] as a debit account from which they [could] pay for drinks” [39]. Microchips have also been implanted in a number of Mexican officials in the law enforcement sector [57]. “Mexico's top federal prosecutors and investigators began receiving chip implants in their arms … in order to get access to restricted areas inside the attorney general's headquarters.” In this instance, the implant acted as an access control security device despite the documented evidence that RFID is not a secure technology (see Gartner Research report [42]).

Despite the obvious issues related to security, there are a few unsolicited studies that forecast that VeriChip (now under the new corporate name Positive ID) will sell between 1 million and 1.4 million chips by 2020 [64, p. 21]. While these forecasts may seem over inflated to some researchers, one need only consider the very real possibility that some Americans may opt-in to adopting a Class II device that is implantable, life-supporting, or life-sustaining for more affordable and better quality health care (see section C of the Health Care bill titled: National Medical Device Registry [65, pp. 1001–1012]. There is also the real possibility that future pandemic outbreaks even more threatening than the H1N1 influenza, may require all citizens to become implanted for early detection depending on their travel patterns [66].

In the United Kingdom, The Guardian [58], reported that 11-year old Danielle Duval had an active chip (i.e., containing a rechargeable battery) implanted in her. Her mother believes that it is no different from tracking a stolen car, albeit for more important application. Mrs. Duvall is considering implanting her younger daughter age 7 as well but will wait until the child is a bit older, “so that she fully understands what's happening.” In Tokyo the Kyowa Corporation in 2004 manufactured a schoolbag with a GPS device fitted into it, to meet parental concerns about crime, and in 2005 Yokohama City children were involved in a four month RFID bracelet trial using the I-Safety system [53]. In 2007, Trutex, a company in Lancashire England, was seriously considering fitting the school uniforms they manufacture with RFID [31]. What might be next? Will concerned parents force microchip implants on minors?

Recently, decade-old experimental studies on microchip implants in rats have come to light tying the device to tumors [29]. The American Veterinary Medical Association [3] was so concerned that they released the following statement:

The American Veterinary Medical Association (AVMA) is very concerned about recent reports and studies that have linked microchip identification implants, commonly used in dogs and cats, to cancer in dogs and laboratory animals…. In addition, removal of the chip is a more invasive procedure and not without potential complications. It's clear that there is a need for more scientific research into this technology. [emphasis added]

We see here evidence pointing to the notion of “no return” - an admittance that removal of the chip is not easy, and not without complications.

The Norplant System was a levonorgestrel contraceptive insert that over 1 million women in the United States, and over 3.6 million women worldwide had been implanted with through 1996 [2]. The implants were inserted just under the skin of the upper arm in a surgical procedure under local anesthesia and could be removed in a similar fashion. As of 1997, there were 2700 Norplant suits pending in the state and federal courts across the United States alone. Most of the claims had to do with “pain or damage associated with insertion or removal of the implants … [p]laintiffs have contended that they were not adequately warned, however, concerning the degree or severity of these events” [2]. Thus, concerns for the potential for widespread health implications caused by humancentric implants have also been around for some time. In 2003, Covacio provided evidence why implants may impact humans adversely, categorizing these into thermal (i.e., whole/partial rise in body heating), stimulation (i.e., excitation of nerves and muscles), and other effects, most of which are currently unknown [13].

Role of Emerging Technologies

Wireless networks are now commonplace. What is not yet common are formal service level agreements to hand-off transactions between different types of networks. These architectures and protocols are being developed, and it is only a matter of time before existing technologies have the capability to track individuals between indoor and outdoor locations seamlessly, or a new technology is created to do what present-day networks cannot [26]. For instance, a wristwatch device with GPS capabilities to be worn under the skin translucently is one idea that was proposed in 1998. Hengartner and Steenkiste [23] forewarn that “[l]ocation is a sensitive piece of information” and that “releasing it to random entities might pose security and privacy risks.”

There is nowhere to hide in this digital society, and nothing remains private (in due course, perhaps, not even our thoughts). Nanotechnology, the engineering of functional systems at the molecular level, is also set to change the way we perceive surveillance - microscopic bugs (some 50 000 times smaller than the width of the human hair) will be more parasitic than even the most advanced silicon-based auto-ID technologies. In the future we may be wearing hundreds of microscopic implants, each relating to an exomuscle or an exoskeleton, and which have the power to interact with literally millions of objects in the “outside world.” The question is not whether state governments will invest in this technology: they are already making these investments [40]. There is a question whether the next generation will view this technology as super “cool” and convenient and opt-in without comprehending the consequences of their compliance.

The social implications of these über-intrusive technologies will obey few limits and no political borders. They will affect our day-to-day existence and our family and community relations. They will give rise to mental health problems, even more complex forms of paranoia and obsessive compulsive disorder. Many scholars now agree that with the support of modern neuroscience, “the intimate relation between bodily and psychic functions is basic to our personal identity” [45, p. 3]. Religious observances will be affected; for example, in the practice of confession and a particular understanding of absolution from “sin” - people might confess as much as they might want, but the records on the database, the slate, will not be wiped clean. The list of social implications is limited only by our imaginations. The peeping Tom that we carry on the inside will have manifest consequences for that which philosophers and theologians normally term self-consciousness.

Paradoxical Levels of Überveillance

In all of these factors rests the multiple paradoxical levels of überveillance. In the first instance, it will be one of the great blunders of the new political order to think that chip implants (or indeed nanodevices) will provide the last inch of detail required to know where a person is, what they are doing, and what they are thinking. Authentic ambient context will always be lacking, and this could further aggravate potential “puppeteers” of any comprehensive surveillance system. Marcus Wigan captures this critical facet of context when he speaks of “asymmetric information held by third parties.” Second, chip implants will not necessarily make a person smarter or more aware (unless someone can afford chip implants that have that effect), but on the contrary and under the “right” circumstances may make us increasingly unaware and mute. Third, chip implants are not the panacea they are made out to be - they can fail, they can be stolen, they are not tamper-proof, and they may cause harmful effects to the body. They are a foreign object and their primary function is to relate to the outside world not to the body itself (as in the case of pacemakers and cochlear implants). Fourth, chip implants at present do not give a person greater control over her space, but allow for others to control and to decrease the individual's autonomy and as a result decrease interpersonal trust at both societal and state levels. Trust is inexorably linked to both metaphysical and moral freedom. Therefore the naive position routinely heard in the public domain that if you have “nothing to hide, why worry?” misses the point entirely. Fifth, chip implants will create a presently unimaginable digital divide - we are not referring to computer access here, or Internet access, but access to another mode of existence. The “haves” (implantees) and the “have-nots” (non-implantees) will not be on speaking terms; perhaps this suggests a fresh interpretation to the biblical tower of Babel (Gen. 11:9).

In the scenario, where a universal ID is instituted, unless the implant is removed within its prescribed time, the body will adopt the foreign object and tie it to tissue. At this moment, there will be no exit strategy and no contingency plan; it will be a life sentence to upgrades, virus protection mechanisms, and inescapable intrusion. Imagine a working situation where your computer - the one that stores all your personal data - has been hit by a worm, and becomes increasingly inoperable and subject to overflow errors and connectivity problems. Now imagine the same thing happening with an embedded implant. There would be little choice other than to upgrade or to opt out of the networked world altogether.

A decisive step towards überveillance will be a unique and “non-refundable” identification number (ID). The universal drive to provide us all with cradle-to-grave unique lifetime identifiers (ULIs), which will replace our names, is gaining increasing momentum, especially after September 11. Philosophers have have argued that names are the signification of identity and origin; our names possess both sense and reference [24, p. 602f]. Two of the twentieth century's greatest political consciences (one who survived the Stalinist purges and the other the holocaust), Aleksandr Solzhenitsyn and Primo Levi, have warned us of the connection between murderous regimes and the numbering of individuals. It is far easier to extinguish an individual if you are rubbing out a number rather than a life history.

Aleksandr Solzhenitsyn recounts in The Gulag Archipelago (1918–56), (2007, p. 346f):

[Corrective Labor Camps] quite blatantly borrowed from the Nazis a practice which had proved valuable to them - the substitution of a number for the prisoner's name, his “I”, his human individuality, so that the difference between one man and another was a digit more or less in an otherwise identical row of figures … [i]f you remember all this, it may not surprise you to hear that making him wear numbers was the most hurtful and effective way of damaging a prisoner's self-respect.

Primo Levi writes similarly in his own well-known account of the human condition in The Drowned and the Saved (1989, p. 94f):

Altogether different is what must be said about the tattoo [the number], an altogether autochthonous Auschwitzian invention … [t]he operation was not very painful and lasted no more than a minute, but it was traumatic. Its symbolic meaning was clear to everyone: this is an indelible mark, you will never leave here; this is the mark with which slaves are branded and cattle sent to the slaughter, and this is what you have become. You no longer have a name; this is your new name.

And many centuries before both Solzhenitsyn and Levi were to become acknowledged as two of the greatest political consciences of our times, an exile on the isle of Patmos - during the reign of the Emperor Domitian - referred to the abuses of the emperor cult which was practiced in Asia Minor away from the more sophisticated population of Rome [37, pp. 176–196]. He was Saint John the Evangelist, commonly recognized as the author of the Book of Revelation (c. A.D. 95):

16 Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead, 17 so that no one can buy or sell unless he has the mark, that is, the name of the beast or the number of its name. 18 This calls for wisdom: let him who has understanding reckon the number of the beast, for it is a human number, its number is six hundred and sixty-six (Rev 13:16–18) [RSV, 1973].

The technological infrastructures—the software, the middleware, and the hardware for ULIs—are readily available to support a diverse range of humancentric applications, and increasingly those embedded technologies which will eventually support überveillance. Multi-national corporations, particularly those involved in telecommunications, banking, and health are investing millions (expecting literally billions in return) in identifiable technologies that have a tracking capability. At the same time the media, which in some cases may yield more sway with people than government institutions themselves, squanders its influence and is not intelligently challenging the automatic identification (auto-ID) trajectory. As if in chorus, blockbuster productions from Hollywood are playing up all forms of biometrics as not only hip and smart, but also as unavoidable mini-device fashion accessories for the upwardly mobile and attractive. Advertising plays a dominant role in this cultural tech-rap. Advertisers are well aware that the market is literally limitless and demographically accessible at all levels (and more tantalizingly from cradle-to-grave consumers). Our culture, which in previous generations was for the better part the vanguard against most things detrimental to our collective well-being, is dangerously close to bankrupt (it already is idol worshipping) and has progressively become fecund territory for whatever idiocy might take our fancy. Carl Bernstein [7] captured the atmosphere of recent times very well:

We are in the process of creating what deserves to be called the idiot culture. Not an idiot sub-culture, which every society has bubbling beneath the surface and which can provide harmless fun; but the culture itself. For the first time the weird and the stupid and the coarse are becoming our cultural norm, even our cultural ideal.

Despite the technological fixation with which most of the world is engaged, there is a perceptible mood of a collective disquiet that something is not as it should be. In the face of that, this self-deception of “wellness” is not only taking a stronger hold on us, but it is also being rationalized and deconstructed on many levels. We must break free of this dangerous daydream to make out the cracks that have already started to appear on the gold tinted rim of this seeming 21st century utopia. The machine, the new technicized “gulag archipelago” is ever pitiless and without conscience. It can crush bones, break spirits, and rip out hearts without pausing.

The authors of this article are not anti-government; nor are they conspiracy theorists (though we now know better than to rule out all conspiracy theories). Nor do they believe that these dark scenarios are inevitable. But we do believe that we are close to the point of no return. Others believe that point is much closer [1]. It remains for individuals to speak up and argue for, and to demand regulation, as has happened in several states in the United States where Acts have been established to avoid microchipping without an individual's consent, i.e., compulsory electronic tagging of citizens. Our politicians for a number of reasons will not legislate on this issue of their own accord, with some few exceptions. It would involve multifaceted industry and absorb too much of their time, and there is the fear they might be labelled anti-technology or worse still, failing to do all that they can to fight against “terror.” This is one of the components of the modern-day Realpolitik, which in its push for a transparent society is bulldozing ahead without any true sensibility for the richness, fullness, and sensitivity of the undergrowth. As an actively engaged community, as a body of concerned researchers with an ecumenical conscience and voice, we can make a difference by postponing or even avoiding some of the doomsday scenario outlined here.

Finally, the authors would like to underscore three main points. First, nowhere is it suggested in this paper that medical prosthetic or therapeutic devices are not welcome technological innovations. Second, the positions, projections, and beliefs expressed in this summary do not necessarily reflect the positions, projections, and beliefs of the individual contributors to this special section. And third the authors of the papers do embrace all that which is vital and dynamic with technology, but reject its rampant application and diffusion without studied consideration as to the potential effects and consequences.


1. Surveillance Society Clock 23:54 American Civil Liberties Union, Oct. 2007, [online] Available: http://www.aclu.org/privacy/spying/surveillancesocietyclock.html, accessed.

2. Norplant system contraceptive inserts, Oct. 2007, [online] Available: http://www.ama-assn.org/ama/pub/category/print/13593.html.

3. "Breaking news: Statement on microchipping", American Veterinary Medical Association, Oct. 2007, [online] Available: http://www.avma.org/ aa/microchip/breaking_news_070913_pf.asp.

4. B. Bacheldor, "AMA issues Ethics Code for RFID chip implants", RFID J., Oct. 2007, [online] Available: http://www.rfidjournal.com/article/ articleprint/3487/-1/1/.

5. E. Ball, K. Bond, Bess Marion v. Eddie Cafka and ECC Enterprises Inc., Oct. 2007, [online] Available: http://www. itmootcourt.com/2005%20Briefs/Petitioner/Team18.pdf.

6. "Implant chip to identify the dead", BBC News, Jan. 2006, [online] Available: http://news.bbc.co.Uk/1/hi/technology/4721175.stm. 

7. C. Bernstein, The Guardian, June 1992.

8. P. Burton, K. Stockhausen, The Australian Medical Association's Submission to the Legal and Constitutional's Inquiry into the Privacy Act 1988, Oct. 2007, [online] Available: http://www.ama.com.au/web.nsf/doc/ WEEN-69X6DV/\$file/Privacy_Submission_to_Senate_Committee. doc.

9. California privacy legislation, State of California:Office of Privacy Protection, July 2007, [online] Available: http://www.privacy.ca.gov/califlegis.htm.

10. "Thai wave disaster largest forensic challenge in years: Expert", Channel News Asia, Feb. 2005, [online] Available: http://www.channelnewsasia.com/stories/afp_asiapacific/view/125459/1/.html.

11. C. Chase, "VIP Verichip", Baja Beach House- Zona VIP, Oct. 2007, [online] Available: http:// www.baja-beachclub.com/bajaes/asp/zonavip2.aspx.

12. R. A. Clarke, "Information technology and dataveillance", Commun. ACM, vol. 31, no. 5, pp. 498-512, 1988.

13. S. Covacio, "Technological problems associated with the subcutaneous microchips for human identification (SMHId)", InSITE-Where Parallels Intersect, pp. 843-853, June 2003.

14. "13 diabetics implanted with VeriMed RFID microchip at Boston diabetes EXPO", Medical News Today, Oct. 2007, [online] Available: http://www.medicalnewstoday.com/articles/65560.php.

15. "Medical devices; General hospital and personal use devices; classification of implantable radiofrequency transponder system for patient identification and health information", U.S. Food and Drug Administration-Department of Health and Human Services, vol. 69, no. 237, Oct. 2007, [online] Available: http://www.fda.gov/ohrms/dockets/98fr/0427077.htm.

16. A. Gad, "Legislative Brief 06-13: Human Microchip Implantation", Legislative Briefs from the Legislative Reference Bureau, June 2006, [online] Available: http://www.legis.state.wi.us/lrb/pubs/Lb/06Lb13.pdf.

17. E. Guild, D. Bigo, "The Schengen Border System and Enlargement" in Police and Justice Co-operation and the New European Borders, European Monographs, pp. 121-138, 2002.

18. M. Hawthorne, "Refugees meeting hears proposal to register every human in the world", Sydney Morning Herald, July 2003, [online] Available: http://www.smh.com.au/breaking/2001/12/14/FFX058CU6VC.html.

19. "VeriChip enhances patient wander app", Health Data Management, Oct. 2007, [online] Available: http://healthdatamanagement.com/ HDMSearchResultsDetails.cfm?articleId=12361.

20. "VeriChip buys monitoring tech vendor", Health Data Management, July 2005, [online] Available: http://healthdatamanagement.com/ HDMSearchResultsDetails.cfm?articleId=12458.

21. "Chips keep tabs on babies moms", Health Data Management, Oct. 2005, [online] Available: http://healthdatamanagement.com/HDMSearchResultsDetails. cfm?articleId=15439.

22. "Baylor uses RFID to track newborns", Health Data Management, July 2007, [online] Available: http://healthdatamanagement.com/HDMSearchResultsDetails.cfm?articleId=15439.

23. U. Hengartner, P. Steenkiste, "Access control to people location information", ACM Trans. Information Syst. Security, vol. 8, no. 4, pp. 424-456, 2005.

24. "Names" in Oxford Companion to Philosophy, U.K., Oxford:Oxford Univ. Press, pp. 602f, 1995.

25. "Nietzsche Friedrich" in Oxford Companion to Philosophy, U.K., Oxford:Oxford Univ. Press, pp. 619-623, 1995.

26. "RFID tags equipped with GPS", Navigadget, Oct. 2007, [online] Available: http://www.navigadget.com/index.php/2007/06/27/rfid-tags-equipped-with-gps/.

27. "Me & my RFIDs", IEEE Spectrum, vol. 4, no. 3, pp. 14-25, Mar. 2007.

28. K. C. Jones, "California passes bill to ban forced RFID tagging", InformationWeek, Sept. 2007, [online] Available: http://www.informationweek.com/ shared/printableArticle.jhtml?articleID=201803861.

29. T. Lewan, "Microchips implanted in humans: High-tech helpers or Big Brother's surveillance tools?", The Associated Press, Oct. 2007, [online] Available: http://abcnews.go.com/print?id=3401306.

30. T. Lewan, Chip implants linked to animal tumors, Associated Press/ WashingtonPost.com, Oct. 2007, [online] Available: http://www.washingtonpost.com/wp-dyn/content/article/2007/09/09/AR2007090900467. html.

31. J. Meikle, "Pupils face tracking bugs in school blazers", The Guardian, Aug. 2007, [online] Available: http://www.guardian.co.uk/uk_news/ story/0, 2152979,00.

32. K. Michael, Selected Works of Dr. Katina Michael, Australia, Wollongong:Univ. of Wollongong, Oct. 2007, [online] Available: http://ro.uow.edu.au/kmichael/.

33. K. Michael, A. Masters, "Realised applications of positioning technologies in defense intelligence" in Applications of Information Systems to Homeland Security and Defense, IDG Press, pp. 164-192, 2006.

34. K. Michael, A. Masters, "The advancement of positioning technologies in defence intelligence" in Applications of Information Systems to Homeland Security and Defense, IDG Press, pp. 193-214, 2006.

35. K. Michael, M. G. Michael, "Towards chipification: The multifunctional body art of the net generation" in Cultural Attitudes Towards Technology and Communication, Estonia, Tartu:, pp. 622-641, 2006.

36. K. Michael, M. G. Michael, "Homo electricus and the continued speciation of humans" in The Encyclopedia of Information Ethics and Security, IGI Global, pp. 312-318, 2007.

37. M. G. Michael, Ch IX: Imperial cult in The Number of the Beast 666 (Revelation 13:16-18): Background Sources and Interpretation, Macquarie Univ., 1998.

38. M. G. Michael, "Überveillance: 24/7 × 365-People tracking and monitoring", Proc. 29 International Conference of Data Protection and Privacy Commissioners: Privacy Horizons Terra Incognita, 2007-Sept.-25-28, [online] Available: http://www.privacyconference2007.gc.ca/Terra_Incognita_program_E.html.

39. S. Morton, "Barcelona clubbers get chipped", BBC News, Oct. 2007, [online] Available: http://news.bbc.co.Uk/2/hi/technology/3697940.stm. 

40. D. Ratner, M. A. Ratner, Nanotechnology and Homeland Security: New Weapons for New Wars, U.S.Α., New Jersey:Prentice Hall, 2004.

41. J. H. Reichman, "RFID labeling in humans American Medical Association House of Delegates: Resolution: 6 (A-06)", Reference Committee on Amendments to Constitution and Bylaws, 2006, [online] Available: http://www. ama-assn.org/amal/pub/upload/mm/471/006a06.doc.

42. M. Reynolds, "Despite the hype microchip implants won't deliver security", Gartner Research, Oct. 2007, [online] Available: http://www.gartner.com/ DisplayDocument?doc_cd=121944.

43. "Singapore fights SARS with RFID", RFID J., Aug. 2005, [online] Available: http://www.rfidjournal.com/article/articleprint/446/-1/1/.

44. "I am not a number - Tracking Australian prisoners with wearable RFID tech", RFID Gazette, Oct. 2007, [online] Available: http://www. rfidgazette.org/2006/08/i_am_not_a_numb.html.

45. S. Rodotà, R. Capurro, "Ethical aspects of ICT implants in the human body", Opinion of the European Group on Ethics in Science and New Technologies to the European Commission N° 20 Adopted on 16/03/2005, Oct. 2007, [online] Available: http://ec.europa.eu/european_group_ethics/docs/ avis20_en.pdf.

46. "Papua Legislative Council deliberating microchip regulation for people with HIV/AIDS", Radio New Zealand International, Oct. 2007, [online] Available: http://www.rnzi.com/pages/news. php?op=read&id=33896.

47. R. M. Sade, "Radio frequency ID devices in humans Report of the Council on Ethical and Judicial Affairs: CEJA Report 5-A-07", Reference Committee on Amendments to Constitution and Bylaws, Oct. 2007, [online] Available: http://www.ama-assn.org/amal/pub/upload/ mm/369/ceja_5a07.pdf.

48. B. K. Schuerenberg, "Implantable RFID chip takes root in CIO: Beta tester praises new mobile device though some experts see obstacles to widespread adoption", Health Data Management, Feb. 2005, [online] Available: http://www.healthdatamanagement.com/HDMSearchResultsDetails. cfm?articleId=12232.

49. B. K. Schuerenberg, "Patients let RFID get under their skin", Health Data Management, Nov. 2005, [online] Available: http://healthdatamanagement. com/HDMSearchResultsDetails.cfm?articleId=12601.

50. N. D. Somba, "Papua considers 'chipping' people with HIV/ AIDS", The Jakarta Post, Oct. 2007, [online] Available: http://www.thejakartapost. com/yesterdaydetail.asp?fileid=20070724.G04.

51. M. L. Songini, "N.D. bans forced RFID chipping Governor wants a balance between technology privacy", ComputerWorld, Oct. 2007, [online] Available: http://www.computerworld.com/action/article.do?command =viewArticleBasic&taxonomyId=15&articleId=9016385&intsrc=h m_topic.

52. D. M. Snow, National Security For A New Era.: Globalization And Geopolitics, Addison-Wesley, 2005.

53. C. Swedberg, "RFID watches over school kids in Japan", RFID J., Oct. 2007, [online] Available: http://www.rfidjournal.com/article/ articleview/2050/1/1/.

54. C. Swedberg, "Alzheimer's care center to carry out VeriChip pilot", RFID J., Oct. 2007, [online] Available: http://www.rfidjournal.com/article/ articleview/3340/1/1/.

55. "Chips: High tech aids or tracking tools?", Fairfax Digital: The Age, Oct. 2007, [online] Available: http://www.theage.com.au/news/Technology/Microchip-Implants-Raise-Privacy-Concern/2007/07/22/1184560127138. html. 

56. "VeriChip Corporation adds more than 200 hospitals at the American College of Emergency Physicians (ACEP) Conference", VeriChip News Release, 2007-Oct.-11, [online] Available: http://www.verichipcorp.com/ news/1192106879.

57. W. Weissert, "Microchips implanted in Mexican officials", Associated Press, Oct. 2007, [online] Available: http://www.msnbc.msn.com/id/5439055/.

58. J. Wilson, "Girl to get tracker implant to ease parents' fears", The Guardian, Oct. 2002, [online] Available: http://www.guardian.co.uk/Print/0,3858,4493297,00. html.

59. Wisconsin Act 482, May 2006, [online] Available: http://www.legis.state. wi.us/2005/data/acts/05Act482.pdf.

60. J. Woolfolk, "Back off Boss: Forcible RFID implants outlawed in California", Mercury News, Oct. 2007, [online] Available: http://www.mercurynews. com/portlet/article/html/fragments/print_article.jsp?articleId=7162880.

61. Macquarie Dictionary, Sydney University, pp. 1094, 2009.

62. K. Michael, M. G. Michael, Innovative Automatic Identification and Location-Βased Services: From Bar Codes to Chip Implants, PA, Hershey:IGI Global, pp. 401, 2009

63. A. Griggieri, K. Michael, M. G. Michael, "The legal ramifications of microchipping people in the United States of America- A state legislative comparison", Ρroc. 2009 IEEE Int. Symp. Technology and Society, pp. 1-8, 2009.

64. A. Marburger, J. Coon, K. Fleck, T. Kremer, VeriChip™: Implantable RFID for The Health Industry, June 2005, [online] Available: http://www. thecivilrightonline.com/docs/Verichip_Implantable%20RFID.pdf.

65. 111TH CONGRESS 1ST SESSION H. R. 11 A BILL: To provide affordable quality health care for all Americans and reduce the growth in health care spending and for other purposes, 2010-Apr.-1, [online] Available: http://waysandmeans. house.gov/media/pdf/111/AAHCA09001xml.pdf.

66. Positive ID. 2010. Health-ID, May 2010, [online] Available: http://www.positiveidcorp.com/ health-id.html.

IEEE Keywords: Implants, TV, Data systems, National security, Pressing, Engines, Condition monitoring, Circuits,Feeds, Databases

Citation: M.G. Michael, Katina Michael, Toward a State of Überveillance, IEEE Technology and Society Magazine ( Volume: 29, Issue: 2, Summer 2010 ), pp. 9 - 16, Date of Publication: 01 June 2010, DOI: 10.1109/MTS.2010.937024

Advanced location-based services

This special issue of Computer Communications presents state-of-the-art research and applications in the area of location-based services (LBS). Initial location-based services entered the market around the turn of the millennium and for the greater part appeared in the form of restaurant finders and tourist guides, which never gained widespread user acceptance. The reasons for this were numerous and ranged from inaccurate localization mechanisms like Cell-ID, little creativity in the design and functions of such services, to a generally low acceptance of data services. However, in recent years, there has been an increasing market penetration of GPS-capable mobile phones and devices, which not only support high-accuracy positioning, but also allow for the execution of sophisticated location-based applications due to fast mobile data services, remarkable computational power and high-resolution color displays. Furthermore, the popularity of these devices is accompanied by the emergence of new players in the LBS market, which offer real-time mapping, points-of-interest content, navigation support, and supplementary services. LBS have also received a significant boost by federal government agency mandates in emergency services, such as in the United States of America. All these advancements are making LBS one of the most exciting areas of research and development with the potential to become one of the most pervasive and convenient services in the near future.

As it turns out, these developments lead to new and sophisticated LBSs, which are referred to as “Advanced LBSs” in this special issue. Examples include, but are not limited to, proactive services, which automatically inform their users when they enter or leave the bounds of pre-defined points of interest; community services, where members of a community mutually exchange their locations either on request or in a proactive fashion; or mobile gaming, where the geographic locations of the players become an integral part of the game. However, the realization of such Advanced LBSs is also associated with some challenges and problems, which have yet to be resolved. For example, there is a strong need for powerful middleware frameworks, architectures and protocols that support the acquisition of location data, their distribution, and processing. In the area of localization mechanisms, accuracy, reliability, and coverage of available technologies must be improved, for example, by combining several methods and enabling a seamless positioning handover between outdoor and indoor technologies. And, finally, because LBSs will significantly change the way people interact and communicate with each other, similar to the impact that mobile phones had a decade ago, solutions must be developed that allow an LBS user to safeguard their privacy with respect to real-time location reckoning, and historical location profiles.

In this special issue, we have addressed the challenges of Advanced LBSs. We received many high-quality submissions from all over the world and finally selected 13 articles. Papers were carefully reviewed and selected based on their scholarship and to provide as broad an appeal to a range of research topics. We received several papers with advanced and very interesting applications, of which we selected the most relevant and novel. Five papers are devoted to middleware and architectures, which are meant to make the infrastructure transparent to application developers and therefore speed up the development process. We received many submissions related to localization schemes and algorithms showing the importance of this aspect on location-based services and the maturity of this research topic. Three localization-related papers are included in the issue. Finally, although security, privacy and ethical issues are well-known concerns in the field of LBS, too few articles were submitted on these topics, indicating that this area requires much needed exploration. However, three interesting papers are included for your perusal. It therefore follows that advanced location-based services can be considered in totality of a given end-to-end offering or ‘advanced’ in a given aspect-complex network architecture, novel application, or multi-mode end-user IP device. A summary of the accepted papers follows.

Two papers are related to LBS applications. The first paper, “Location-Based Services for Elderly and Disabled People” by Alvaro Marco et al. includes a robust, low cost, highly accurate and scalable ZigBee- and ultrasound-based positioning system that provides alarm, monitoring, navigation and leisure services to the elderly and disable people in a residence located in Zaragoza, Spain. The paper “BlueBot: Asset Tracking via Robotic Location Crawling” by Abhishek Patil et al. presents a robot-based system that combines RFID and Wi-Fi positioning technology to automatically survey assets in a facility. The proposed system, which uses off-the-shelf components, promises to automate the tedious inventory process taking place in libraries, manufactures, distributors, and retailers of consumer goods.

Five of the selected papers deal with software middleware, architectures and APIs for advanced LBSs. The first paper, “The PoSIM Middleware for Translucent and Context-aware Integrated Management of Heterogeneous Positioning Systems” by Paolo Bellavista et al., presents middleware that integrates and hides different positioning systems to the application developer while providing different levels of information depending on context, LBS requirements, user preferences, device characteristics, and overall system state. PoSIM provides application developers both, a high level APIs that provides simplified access to positioning systems, and a low level API that provides detailed information from a specific positioning system. Sean Barbeau et al. present an update of the under-development JSR293 Java Location API for J2ME. The article describes the main features of the current API as well as the significant enhancements and new services included in the standardization effort of the expert group so far. Next, the paper “The Internet Location Services Model” by Martin Dawson presents the architecture and services being standardized by the IETF to provide location information to devices independently of any remote service provider. Hasari Celebi and Hüseyin Arslan in “Enabling Location and Environment Awareness in Cognitive Radios” propose a cognitive radio-based architecture that utilizes not only location but also environment information to support advanced LBS. Finally, Christo Laoudias et al. present “Part One: The Statistical Terminal Assisted Mobile Positioning Methodology and Architecture”. The paper describes the architecture of the STAMP system, which is meant to improve the accuracy of existing positioning systems by exploiting measurements collected at the mobile terminal side.

In the area of localization, three papers are included for your perusal. The first paper by Yannis Markoulidakis et al. present “Part Two: Kalman Filtering Options for Error Minimization in Statistical Terminal Assisted Mobile Positioning”, a Kalman filter-based solution to minimize the terminal position error for the STAMP system. Then, Marian Mohr et al. present “A Study of LBS Accuracy in the UK and a Novel Approach to Inferring the Positioning Technology Employed”, an empirical study of the accuracy of positioning information in the UK and a novel technique to infer the positioning technology used by the cellular operators. Finally, in “MLDS: A Flexible Location Directory Service for Tiered Sensor Networks”, Sangeeta Bhattacharya et al. present a multi-resolution location directory service that allows the realization of LBSs with wireless sensor networks. The system successfully tracks mobile agents across single and multiple sensor networks while considering accuracy and communication costs.

The final three articles are devoted to security, privacy and ethical issues, again, very important topics in the realization of advanced LBSs. In “Location Constraints in Digital Rights Management”, Adam Muhlbauer et al. describe the design and implementation of a system for creating and enforcing licences containing location constraints, which can be used to confine access to sensitive documents to a defined area. The following paper, “A TTP-Free Protocol for Location Privacy in Location-Based Services” by Agusti Solanas and Antoni Martı´nez-Ballesté, presents a distributed technique to progressively increase the privacy of the users when they exchange location information among untrusted parties. Finally, the paper “A Research Note on Ethics in the Emerging Age of Überveillance” by M.G. Michael et al. defines, describes and interprets the socio-ethical implications that tracking and monitoring services bring to humans because of the ability of the government and service providers to collect targeted data and conduct general surveillance on individuals. The study calls for further research to create legislation, policies and social awareness in the age of Überveillance, an emerging concept used to describe exaggerated, omnipresent electronic surveillance.

This issue of Computer Communications offers a ground-breaking view into current and future developments in Advanced Location-Based Services. The global nature of submissions indicates that location-based services is a world-wide application focus that has universal appeal both in terms of research and commercialization. This issue offers both academic and industry appeal- the former as a basis toward future research directions, and the latter toward viable commercial LBS implementations. Advanced location-based services in the longer-term will be characterized by their criticalness in consumer, business and government applications in the areas of banking, health, supply chain management, emergency services, and national security.

We thank Editor-in-Chief Jeremy Thompson and Co-Editor-in-Chief Mohammed Atiquzzaman for hosting this special issue. Thanks also to Lorraine McMorrow and Sandra Korver for their support overseeing the paper review and publishing processes. We also thank all the authors and anonymous reviewers for their hard and timely work.

We hope you enjoy this issue as much as we did!

Citation: Miguel A.Labrador, Katina Michael, Axel Küpper Advanced location-based services, Computer Communications, Vol. 31, No. 6, 18 April 2008, pp. 1053-1054. DOI: https://doi.org/10.1016/j.comcom.2008.01.033

Minimizing Product Shrinkage across the Supply Chain using Radio Frequency Identification


This paper identifies the contributing factors of product shrinkage and investigates the current state of anti-theft technology as part of the loss prevention strategy for a major Australian retailer. Using a case study approach a total of eleven interviews were conducted with employees of the retailer to identify factors contributing to product shrinkage and ways to overcome these through the use of radio frequency identification (RFID) technology. Known sources of product shrinkage included: warehouse discrepancies, internal and external theft, product recalls, shop return fraud, extortion, human and system error, poor stock control, poor rotation of stock, misplaced product items, lost products, product spoilage and damage. Each of the retailer's stores, in the chain of approximately 700, loses about 350000 Australian dollars to product shrinkage every six months. This paper argues that RFID would act as a partial solution toward the minimization of the retailer's product shrinkage and provide greater visibility throughout the supply chain.

Section 1. Introduction

This paper will determine the contributing factors of product shrinkage and investigate the current state of electronic identification as part of a loss prevention strategy in a case study of an Australian retailer. The main method of data collection for the case study was using interviews. In total, eleven interviews were conducted with members of the retailer's Loss Prevention Department, and managers of departments within retail outlets in two regions of New South Wales in Australia. The retailer is currently using barcode systems to identify products, and electronic article surveillance (EAS) as an anti-theft technology. As a key driver to the existence of a loss prevention strategy, product shrinkage and sources which comprise it were identified. Radio frequency identification (RFID) is then proposed as a partial solution to minimize the retailer's product shrinkage. This paper aims to explore how RFID could replace EAS given its superior functionality.

Section 2. Background of the retailer

The grocery retailer chosen for the case is one of Australia's leading supermarket chains, with approximately 270 stores in New South Wales and over 700 Australia wide. Supported by thousands of suppliers, the retailer has over 42,000 product lines on sale to consumers. Product lines include both Australian made consumer goods and internationally imported goods. Goods on sale by the retailer consist of long-life foods (e.g. confectionary, canned fruit, condiments), perishable foods (e.g. vegetables, bread, frozen meals) and general merchandise (e.g. electrical appliances, cosmetics, liquor). Over 100,000 staff members across Australia work together to get products into stores and on displays, which are then purchased by over 13 million customers each week.

Section 3. Methodology

Product shrinkage

Product shrinkage

The research was conducted using eleven semistructured interviews with employees from Loss Prevention, and various departments within five retail stores. All the interviews were conducted in August and September of 2006. The interviewees had the following job descriptions: Loss Prevention Manager (1), Loss Prevention Investigator, Loss Prevention Manager (2), Liquor Manager, Grocery Manager, Store Services Manager, Store Trading Manager, Store Manager, Delicatessen Manager, Night-fill Captain, and Customer Implementation Executive. Employees within Loss Prevention work as a team to ensure policies and procedures are adhered to at a store level (figure 1). Product shrinkage is considered to be the general indicator of how well a store's loss prevention strategy is performing, or how well it has been executed. Furthermore, the primary motivator of loss prevention is to reduce product shrinkage. As stated by the Loss Prevention Manager (2): “[The Retail Organization] has been fairly focused on shrinkage for the last 5 years.” The interviews were transcribed and then analyzed using the Leximancer computer assisted qualitative data analysis software (CAQDAS). As a tool used to extract main concepts from documents, the researcher was able to use these concepts in the creation of themes to be addressed in the narrative.

Section 4. The retailer's legacy systems

The retailer currently uses barcodes for the automatic identification of products across the supply chain, and EAS for anti-theft purposes as part of a loss prevention strategy. Both systems have distinct functions and operate independently of one another. Barcodes provide a way to record damaged products and identify targeted areas, whereas EAS is used to deter thieves.

4.1 Barcode for product identification

The retailer's barcode system is primarily used to identify products in a variety of daily activities. One of these activities, closely related to loss prevention, is its ability to help keep track of damaged goods. For instance, damaged products can be scanned and automatically declared as ‘damaged goods’, electronically recorded and then disposed of. This process notifies the automatic stock ordering system that products are damaged and need to be re-ordered, thus helping to maintain product availability in the retail outlet. Barcodes can assist in minimizing product shrinkage by recording damaged products but exist primarily to semi-automate supply chain operations. When the Night-fill Captain of one of the retailer's leading stores was asked if barcodes play a role in minimizing product shrinkage, he responded: “[i]t makes you aware of it. It doesn't actually deter or prevent it in any way. It gives you more knowledge of what's going on and where the targeted areas might be.” In other words, stock which has been misplaced or stolen is not readily identified by retail staff As supported by the Loss Prevention Investigator: “[b]arcoding really has no impact. All it does is identify that we have lost something by scanning it at the end of the day.” Furthermore, these targeted areas are usually brought to the retailer's attention once a store has been targeted by a thief or when stock fails to arrive from the distribution centre. It is in this light that barcodes offer knowledge through recording goods as damaged or by identifying targeted areas. As a result, barcodes play a minor role in a loss prevention strategy. EAS however, plays a more active role in loss prevention as an effective deterrent against theft.

4.2 Electronic article surveillance as a theft deterrent at the retail outlet

The retail organization currently utilizes EAS as part of its loss prevention strategy. The system's primary activity is to reduce theft within supermarkets and liquor stores. According to Lahiri (2006), EAS tags are generally unaffected by magnets and are available in various sizes to be applied [1]. The retailer uses a combination of adhesive and reusable EAS tags which are strategically fitted to certain products.

EAS antennas, also known as gateways, are installed at store entrances and exits (Figure 2). When a product with an active tag passes through a gateway, an alarm sounds to notify staff of possible theft. For the retailer's particular application, EAS tags are attached to products at the item-level. Tagged products generally include high theft lines and high dollar value items. Not all products were found to be tagged, in fact, most products were not secured by the EAS system. As expressed by the Loss Prevention Manager (1):

it's what we deem to be high-theft lines and obviously what our stores are recording as known stolen as well. So you look at the high-theft lines as well as the most attractive lines, some of it is going to be cost driven just by the unit price, in terms of what we put an EAS tag on. The retailer is currently testing new reusable EAS tags designed to be attached to liquor bottles.
Figure 2. EAS tag and EAS gates in a liquor store

Figure 2. EAS tag and EAS gates in a liquor store

Instead of using an adhesive tag, which is easily removed or a tag which is concealed within a packet, reusable tags are encased in high density plastic and manually fitted to products. Attached to the neck of a bottle with a zip locking mechanism, this new type of tag is removed by staff with a decoupling device at point of sale. As revealed by the Loss Prevention Manager (2): “[w]e are running trials at the moment on new tags in our liquor departments in five stores. They have been extremely successful, as they have minimized product shrinkage across our range of spirits by 62%, which is a great result.” Other than the obvious benefit of the tag's ability to be reused, this type of EAS tag has a number of other benefits. The tags are difficult to remove by hand, tagged products ‘standout’ and regularly deter thieves. “Many times I have seen people walk into a store and be overwhelmed by the EAS tagging” explained the Sydney-based liquor manager. The use of reusable tags by the retailer may help to minimize product shrinkage by deterring thieves, however, additional labor is required by retail employees to manually apply and remove tags.

Products bearing adhesive or concealed tags within a product's packaging are either tagged in-store manually by retail employees or source-tagged from the supplier. As revealed by the Store Trading Manager: “ …we have a specific list that we have got to stick to. A lot of the stock actually comes in pre-tagged now.” Source-tagged products provide the only example where EAS is used across the supply chain. However, by the same token, those tags remain idle until they come in contact with an EAS antenna or tag deactivator. As suggested by the Loss Prevention Manager (1), with the help of a recently designated Source Tag Manager the retailer is attempting to extend the ‘source-tagged list’ and push suppliers to tag products at the point of manufacture. Essentially, suppliers then take part in the overall process of applying EAS tags to products which will definitely reduce some overhead costs for the retailer. However despite this, it was found that the retailer's EAS system had a number of inefficiencies.

The retailer's thoughts on the overall performance of the system varied. One of the main questions relating to EAS was whether the technology was considered a deterrent or a total solution. All employees agreed that it was definitely a deterrent and it would be hard to find a total solution. As supported by the Loss Prevention Investigator: “[l]ook as a deterrent, yes. As I said before it's not the be-all and end-all. There's certainly some new stuff coming out.” As part of a loss prevention strategy, EAS was believed to be a deterrent on many occasions. When the Loss Prevention Manager (1) was asked for his opinion, he also said that it was a deterrent: “I wouldn't say it's a total solution. I suppose with any loss prevention initiative or procedure, there are thousands of bricks in the wall and EAS is one of those.” To further support the responses of the loss prevention staff, Lahiri also suggests that RFID is an “effective deterrent against theft” [2]. To be an effective anti-theft solution within a retail environment an EAS system is required to operate consistently and meet the demands of customer traffic. During initial testing phases of EAS systems some time ago, tests were conducted between two major brands. The Loss Prevention Manager (2) was asked whether he was happy with the overall performance of the EAS system: “Not really … I thought ‘X’ performed better than ‘Y’. But unfortunately we have invested in the ‘Y’ system.” This suggests that a retailer may not always consider an EAS system's level of performance a high priority. Other factors, such as the cost of a system may also have a direct effect on the retailer's willingness to invest in an anti-theft solution.

In one particular case, the way in which the system was installed revealed some drawbacks of the technology. When the Liquor Manager from one of the retailer's leading liquor stores was asked if he was happy with the overall performance of the system, he revealed “our gates leading out of our shop into the centre are too far apart, so there is a gap in the middle that can be exploited if you walk down the middle.” He believed that incorrect measurements had been made during the installation of the EAS system and as a result, he was unhappy with the overall performance of the system. An additional view which also supports a negative outlook on EAS was the way in which it can be exploited even when it has been correctly installed and functioning the way it was intended. According to the Loss Prevention Investigator:

Some of the practices of professional thieves and even people that associate with certain people within a community know how to beat EAS systems. The EAS tagging that we have can be ‘beaten’, three or four main ways and good crooks or people that associate with people that target our stores would know those ways of doing it.

This highlights the fact that an EAS system can be exploited by people who know about the technology. It was also understood by the Night-fill Captain that: “people are aware that EAS is out there, people know about it, so they can work around it.” Poor work practices at store level also contribute to the ineffectiveness of EAS. “Store practices have an effect. Double tagging, bending tags past 90 degrees, putting tags behind metal, those sorts of things all detract from the system,” explained the Loss Prevention Investigator. EAS tags are generally damaged because they are applied manually by hand, hence it is important to realize that retail employees play an active role in overall workings of an EAS system.

The Store Trading Manager highlighted the fact that the EAS system requires staff members to work as part of the system. Apart from manually attaching tags to products, staff members must react to the EAS alarm system and act accordingly. She said “I don't think the culture's there for it…” Occasionally staff members at point of sale do not respond to the alarm system appropriately. Employees either fail to respond to an alarm, or when a customer activates the alarm the employee assumes that they did not deactivate a tag and allow the customer to leave the store. In this typical scenario, the employee has not taken into account the possibility that the customer may in fact have a packet of batteries in their bag. The Store Trading Manager claimed that the EAS gates are not monitored properly and responding to the system's alarm is not always enforced by staff supervisors.

Retail employees agreed that EAS plays an important role in their loss prevention strategy. According to the Grocery Manager “at the moment, it's the best it can be.” If the EAS system is operating at an optimum level and in the way in which it was designed, it raises much concern when reflecting back on some of the short comings of the system. The retailer's EAS system may play an active role in minimizing product shrinkage at point of sale, but what about across the entire retail supply chain?

Section 5. Product shrinkage

To ensure stock levels are maintained in-store, an efficient supply chain is required to provide an uninterrupted supply of products for shelf replenishment. However, it is far from unusual to come across an empty shelf in a supermarket. On many occasions, this empty shelf can be directly linked to theft or unsupplied stock due to warehouse discrepancies, both of which contribute to product shrinkage — the retailer's dilemma. When Loss Prevention Manager (2) was asked whether product shrinkage was a major concern to his organization he replied: “[i]t's a huge problem, especially from distribution centre to retail outlet.” This concern reinforces the importance of this issue to the retailer and is fundamental to this study. But from a retailer's perspective, what actually constitutes product shrinkage?

5.1 Factors contributing to shrinkage

From the retailer's perspective, product shrinkage is broken into two main categories: known and unknown. “Loss Prevention Investigator: At the end of each half of the financial year we record an unknown shrinkage which is obviously the difference between our bookstock and our physical counts at stock take times. So there are two separate figures. ǀ Interviewer: So there is known and unknown? ǀ Loss Prevention Investigator: Yes.” The contributing factors of known shrinkage are calculated progressively throughout the financial year by the retailer. For example, the retailer may calculate that 75% of stock was lost due to warehouse discrepancies, 20% due to internal theft and 5% due to other sources. Whereas, the figure found for unknown shrinkage is calculated only twice a year by stock take and can be contributed to by any number of sources. It is significant that unknown sources were the largest contributor to product shrinkage (Store Manager; Store Services Manager).

According to the retailer's Grocery Manager of a supermarket in Sydney's south, product shrinkage is “damaged stock, theft, warehouse discrepancies, paper work errors; not checking stock correctly off invoices, recalled stock and withdrawn stock.” In the retail industry, poor stock control across the supply chain covers misrouted and unsupplied products due the common occurrence known as a warehouse discrepancy. More specifically, it was discovered that warehouse discrepancies were the largest contributor to product shrinkage. “Through experience I would say warehouse discrepancies, that's the biggest one,” explained the Store Trading Manager. A warehouse discrepancy was described as the difference in what the retailer is charged for, and what they actually receive from the warehouse or supplier (Loss Prevention Manager (1); Store Trading Manager). The Grocery Manager further supported this by stating: “[t]he main contributor is warehouse discrepancies and number two would be theft.” In this instance, it was discovered that the two main contributors to product shrinkage were warehouse discrepancies and internal and external theft. Warehouse discrepancies are largely a procedural based problem, as thoroughly explained by the Loss Prevention Manager (1):

Look there's a couple of thoughts on it. There has been some research done in the States, they tend to do most of the loss prevention type research. They tend to think that internal theft is probably the bigger contributor. I don't know if that would be the case, certainly external theft in [region] that I look after, the main core chunk of Sydney from eastern suburbs out to the western suburbs certainly external theft I think plays a bigger part than the actual internal theft. So you've got your internal paperwork errors and procedural errors which result in loss. You've got internal theft and certainly external theft and they're probably the three drivers for shrinkage. But certainly I can say within [region] external theft would probably play the predominant role. But if you look at it on a national basis procedures would probably tend to take over.

From this extract it was therefore discovered that the three main contributors to product shrinkage could be recognized in order of the severity in which they contribute as: (i) warehouse discrepancies (errors due to procedures); (ii) external theft; and (iii) internal theft. In a recent study conducted by the National Retail Security Survey, it was discovered that internal theft caused 46 percent and shoplifting caused 32 percent. This study takes an opposing stance compared to that of the Loss Prevention Manager (1) although external theft encompasses more than shoplifting alone. Figure 3 illustrates the breakdown of known and unknown sources to product shrinkage.

Figure 3. Contributing factors to product shrinkage

Figure 3. Contributing factors to product shrinkage

5.2 What products commonly constitute shrinkage?

Both high-end products and a variety of other products were found to contribute to product shrinkage. These included: batteries, razor blades, liquor and products from the health and beauty range. Table 1 summarizes the main types of products (including brand names) that were identified by all interviewees as items that constitute product shrinkage.

Table 1. Products and associated brands often named as contributing to product shrinkage by the retailer

Table 1. Products and associated brands often named as contributing to product shrinkage by the retailer

To support theories upheld by the retailer, similar results were found by the Food Marketing Institute in 2003. It was also discovered that items with a high resale value and items that are easily concealed could go missing at any point across the retail supply chain. The Night-fill Captain of one of the Sydney-based stores said: “[b]asically, it's anything they can get their hands on. If the consumer wants something they'll take it. The size is a variable; it doesn't really matter if they can sneak out of the store they'll get it out. People are pushing trolleys of stock, mountains stock out through liquor, with observant staff catching them, so size isn't really a factor.” However, what are the primary factors that have a direct influence on the possibility of a product being transported to the wrong store or the unknown disappearance of a particular product?

Section 6. Product shrinkage in the supply chain-a process, technology or people problem?

Contributing sources to product shrinkage are considered to originate from a process, technology or people problem. These three factors collectively create the foundation for product shrinkage and its regular occurrence in the retail industry. When the Loss Prevention Manager (1) was asked whether product shrinkage was a process problem, technology problem or people problem, he responded: “[a]ll three would contribute to it in some way.” The following retail based examples in Table 2 are to provide a context in which the three can be understood.

Table 2. Retail-based Examples of Process, Technology and People Problems in the Supply Chain

Table 2. Retail-based Examples of Process, Technology and People Problems in the Supply Chain

When the Loss Prevention Investigator was asked about his opinion on these three factors affecting product shrinkage, he replied:

I think it encompasses all of it. We certainly have some processes that need to be looked at. The way that our DC [distribution center] is structured, the way that they ship items from there certainly needs to be looked at and will be over a period of time. Obviously, to take out the human side of it would certainly help because unfortunately humans make mistakes and that does certainly cause some errors. The other side of it is theft which is very much a human side of it, people walking in and just stealing from us. And also poor practices in-stores also contribute where we don't follow our processes and procedures.

It was revealed in this case that both processes and people were a primary influence to the many sources of product shrinkage. The retailer was concerned about the processes involved at the distribution centre when organizing the transportation of goods across the retail supply chain. In addition, human error, poor practices in-store and theft were recognized as being contributors to the problem of product shrinkage.

The Store Services Manager also identified the issue of poor procedures when receiving goods at the back-dock as a process problem. “[T]here is no way that you can physically scan every item that comes in on the load. There's no way.” Employees involved in the study were asked when their superiors begin to ask questions about loss. As emphasized by the Store Trading Manager, based on previous audits a product shrinkage figure is predicted for each individual store: “[s]o if it's over that, then they will definitely come in and investigate and usually the first thing they look at is systems and procedures in the store. If they're not right then it's automatically the store's responsibility to get it right.” It was certainly recognized that procedures, closely connected to processes are critical in minimizing product shrinkage levels. These three factors may influence product shrinkage levels, but whereabouts does it occur across the retail supply chain?

Section 7. Where does product shrinkage occur?

Stores within each of the retailer's regions receive goods from both company owned warehouses and third party suppliers. Company owned warehouses consist of one regional distribution center (RDC) and five local distribution centers (DC). An RDC may supply products to hundreds of retail outlets, whereas a DC will only deliver goods to a designated region. The majority of stock is supplied from company owned distribution centers, yet interestingly there are more third party suppliers. Third party suppliers are external to the retailer and are known as direct suppliers. The retailer engages in hundreds of transactions with suppliers daily. All stock is ordered using an automatic stock ordering system. It was estimated by the Store Manager that approximately 200 transactions are made daily between his store and its suppliers. The Loss Prevention Manager (1) stated that a “continuous electronic barrage of orders” is required to keep retail outlets fully stocked in order to satisfy customer demands. Coordinating these orders across the entire retail supply chain and scheduling deliveries is an enormous task performed by the retailer using its warehouse and logistics services. During this process, product shrinkage occurs at various points, whether it be at the distribution centre, in-transit, or when a delivery is received by a back-dock attendant at a retail outlet. When the Loss Prevention Manager (1) was asked where most product shrinkage occurs across the retail supply chain he replied:

Look we are aware that you can have theft issues with truck drivers. Truck seals aren't put on, we know stock can go missing. We have had instances where drivers have been caught. I suppose our processes are not conducive to checking, so you're relying on what the DC says that they send you, is in fact what you are receiving. So if you have a store that has 10 palettes of stock delivered from a DC, unless we pick-up at store level the fact that we're missing something and it's pretty hard if you've got 10 palettes of stock, night-fill come in and fill it. Unless you do a line-by-line check, how do you know what's missing? And certainly the stores put in an order for X-amount we're trusting that that store will get X-amount, if they don't, a lot of that tends to go uncaptured. If you look at the case of say [Cold-Storage Logistics Company] which is one of our external suppliers, they warehouse it and distribute our cold stock, but there's massive issues with them. It's not uncommon for a load to come in several thousand dollars short. Do we pickup on that fact? No, we don't. Because it comes in, it goes into a cool room and then night-fill or then your perishable people will come through and fill, it's pretty hard to pickup on the fact that you're short on a line, it might be a couple of days down the track and you might say where's that? You then go through and make your stock adjustments so [automatic stock ordering system] will then reorder it, but by that time it's too late to put in a discrepancy. Big problems with [Cold Storage Logistics Company], the sooner that comes in-house so we get some better control of it the better.

Issues raised here by the Loss Prevention Manager are critical when recognizing the contributing factors of product shrinkage. Contributing factors across the retail supply chain include: (i) internal/external theft by vehicle drivers; (ii) assuming deliveries are correct; (iii) not realizing deliveries are missing stock; (iv) being too late to notify the automatic stock ordering system of a discrepancy; and (v) problems with direct suppliers e.g. the retailer's direct supplier of cold goods. These factors reveal that product shrinkage occurs at various points across the supply chain. The Liquor Manager also believes when an order made by the automatic stock ordering system is picked at the warehouse, the incorrect amount or type of product is often dispatched. Inconvenient and time consuming tasks, such as the process of having to return an incorrect order, are then necessary. Incorrect orders may require additional labor intensive tasks to be performed, however, there are more serious consequences that accompany product shrinkage.

7.1 The consequences of product shrinkage

There are a number of consequences that are directly related to product shrinkage. The primary consequence of product shrinkage is financial loss. When asked how much stock is lost over a period of 12 months, the Loss Prevention Manager (1) replied: “its millions of dollars in unknown shrinkage.” Product shrinkage is a relentless force in the retail industry and the loss it causes is extremely high. When the Loss Prevention Investigator was asked how much stock is lost, he said: “[s]ome stores will lose as little as 350,000 in six months.” In the Store Trading Manager's experience, unknown product shrinkage totaled $360,000 for a period of six months. Apart from the direct financial loss incurred other forms of loss involve additional costs (e.g. EAS systems, loss prevention staff), additional labor (e.g. security guards, manually applying EAS tags), and out of stocks (e.g. empty shelves effects sales levels and customer satisfaction). According to the Grocery Manager, due to theft alone prices can rise up to 15 percent ultimately affecting customers. If products can be accurately tracked across the supply chain it is anticipated that it will have a direct effect on product shrinkage.

Section 8. Tracking products across the supply chain

The retailer currently tracks products across the retail supply chain using a combination of barcodes and manual paper work procedures. When asked how products were tracked from distribution centre to retail outlet, the Store Trading Manager replied: “there's that big void in the middle where an order goes onto the load list and we can check it line-by-line if we want, but we just don't have the man power. It's not a standard thing that you check a load list line-by-line and given that here they get 30 to 35 pallets a night.” As this employee suggests, it is unfeasible to count each individual carton of a large delivery using existing procedures.

The distribution centre coordinates the largest deliveries to be transported to the retail outlet. Currently, employees rely on the DC to select the desired goods and ship them accordingly. The current system has the ability to track products to a certain extent, but acknowledged by the Grocery Manager “it's not 100% accurate, probably because they're expecting people at the warehouse to do it correctly.” As the DC is responsible for other discrepancies, it can be assumed that other procedures carried out at the same site are also heavily flawed. Deliveries may arrive at a store's back-dock missing a number of products, so how are products monitored during transportation?

The retailer uses Global Positioning Systems (GPS) as a means to track vehicles across the supply chain. Using a pre-planned route, GPS-enabled trucks are tracked from the distribution centre to the retail outlet. The system is designed to provide the geographical position of the truck during the transportation of goods. However, GPS does not provide information regarding the status of goods onboard. A number of voids exist across the retail supply chain where products fail to be accurately tracked. When asked if products were tracked across the supply chain, the Loss Prevention Manager (1) said: “[p]roducts aren't tracked. If you're talking about electronic tracking or things like that, then no.” In this response, the Loss Prevention Manager (1) is referring to new RFID systems designed to track products across the supply chain.

Section 9. The retailer's perceptions of RFID

Employees of the retailer were asked if they were aware of the latest RFID systems and their benefits. It was found that employees involved in the study had a positive outlook on new RFID technologies yet were unaware of the technologies' commonly reported primary benefits. Loss prevention employees had a far better understanding of the technology than managers from other departments. As explained by the Loss Prevention Manager (1): “I have a basic understanding. There are all sorts of things product tracking, inventory management, there's a whole range of things.” Furthermore, he explained:

I haven't done any research in it, there would be a whole range of things. There'd be all sorts of cost benefits there I would assume in inventory management right down to even, we may even be able to know the product size and weights in terms of transport we'd be able to work out to the nearest cubic centimeter how much stock we can fit on a truck. Whether we are being over charged in transport costs, for weight or pallet space or size, they'd probably be a whole range of hidden benefits there that you probably haven't even thought of before.

It was interesting to discover that loss prevention managers focused on secondary benefits of the technology. Rather than its ability to provide total visibility of stock across the supply chain and ultimately a means to minimize product shrinkage, employees concentrated on some of the benefits it could bring to point of sale. For example, the Loss Prevention Manager (1) recognized that “you can put X-amount of stock in a trolley with RFID that are all tagged, pass it through some antennas and you know exactly what went out of the store and if it was paid for.”

The Store Trading Manager claimed to have little knowledge of RFID as a technology with the ability to track products across the supply chain. However, she declared that it would definitely benefit the retailer as it would “probably reduce our shrinkage by a huge amount, not to mention the time spent actually adjusting the stock on hand because there have been miss-picks and things haven't gone right.” In this instance, the Store Trading Manager not only suggests that RFID is likely to minimize product shrinkage, but also the manual procedures. The Store Services Manager also had an appreciation for the technologies' ability to minimize manual procedures at store level. She claimed that less labor would be required when manually stamping products with the store stamp as a new RFID system would require suppliers to do it at the product's point of manufacture. She also believed that if the retailer was to implement an RFID system that its imperative that suppliers also be part of the overall system as “[i]t would be of no benefit otherwise.” The Store Services Manager believed that if such a system was introduced, their suppliers would most likely comply: “[t]he suppliers usually do come into line with any new systems that we are bringing in so I couldn't see that there would be a problem.” She also highlighted the fact that RFID tagging would most probably have an effect on the total price of a product, but she believed that this increase could be counteracted if product shrinkage was kept to a minimum.

An organization willing to adopt a new RFID system must be able to see potential for a return on investment (ROI). When the Loss Prevention Manager (1) was asked whether he thought the retailer would ever be interested in investing in an RFID solution he responded: “[t]here's always that cost versus benefit exercise and if the sums are right, then yes.” As identified by Global Standards One, in the case study called the Australian Demonstrator Project (which claimed to be Australia's first case study), it was revealed that it is “necessary to estimate the potential benefit that will come from deploying RFID and improving the business process using the data that the system provides” [2]. It is in this light, that testing an RFID system is highly recommended prior to total rollout as it assists in building an expected ROI.

Section 10. Conclusion

It was discovered that the retail organization currently utilizes two technologies as part of a loss prevention strategy; a barcode auto-ID system and an EAS anti-theft system. Operating independently, it was revealed that both technologies possess a number of limitations which consequently present adverse challenges to the retailer. The barcode system can record damaged products and detect targeted products or areas, yet the technology plays a minor role as part of the retailer's loss prevention strategy. Even though the retailer was currently testing a new EAS system throughout five liquor stores, the technology was still considered a deterrent rather than a total solution. It was also discovered that professional thieves avoid triggering the alarm using a variety of methods and staff members regularly neglect standard procedures readily relied on by the EAS system. These inadequacies expose a weakness in the retailer's loss prevention strategy as a result effecting product shrinkage levels. Made up by contributing sources, the two main categories of product shrinkage identified were known and unknown, with unknown representing a larger value of the two. Contributing factors to product shrinkage were found to come from a diverse range of sources and through various activities. Warehouse discrepancies and theft were identified as the two highest sources of product shrinkage. Whether it involved a standard company procedure or an illegal activity, it was found that during most of these events provisions were lacking to effectively counteract these activities. It was verified, particularly by loss prevention staff members that all sources originated from the combination of three factors; process, technology and people. Furthermore, the loss prevention department claimed that product shrinkage across the supply chain was one of the department's main challenges, especially when transferring goods from distribution centers to retail outlets. This dilemma necessitates an alternative solution be found to minimize product shrinkage across the retail supply chain.


1. S. Lahiri, RFID Sourcebook, Upper Saddle River:IBM Press, Pearson Education, pp. 77, 2006.

2. Australia (2006) EPC Network Australian Demonstrator Project Report, September 2006.

IEEE Keywords: Supply chains, Radiofrequency identification, Australia, Marketing and sales, Information systems, Humans, Error correction, Control systems, Merchandise, Electrical products

INSPEC: supply chain management, business data processing, fraud, radiofrequency identification, stock control, RFID, product shrinkage across minimization, supply chain, major Australian retailer, anti-theft technology, loss prevention, radio frequency identification technology, internal theft, external theft, shop return fraud, poor stock control, poor stock rotation, lost products, product spoilage

Citation: Nick Huber, Katina Michael, 2007, "Minimizing Product Shrinkage across the Supply Chain using Radio Frequency Identification: a Case Study on a Major Australian Retailer", ICMB 2007. International Conference on the Management of Mobile Business, 2007, 9-11 July 2007, DOI: 10.1109/ICMB.2007.43

Control, trust, privacy, and security: LBS


Location-based services (LBS) are those applications that utilize the position of an end-user, animal, or thing based on a given device (handheld, wearable, or implanted), for a particular purpose. LBS applications range from those that are mission-critical to those that are used for convenience, from those that are mandatory to those that are voluntary, from those that are targeted at the mass market to those that cater to the needs of a niche market. Location services can be implemented using a variety of access media including global positioning systems and radio-frequency identification, rendering approximate or precise position details.

The introduction of location-based services, which are growing in sophistication and complexity, has brought with it a great deal of uncertainty. Unaddressed topics include: accountability for the accuracy and availability of location information, prioritization and location frequency reporting, the user's freedom to opt-in and opt-out of services, caregiver and guardian rights and responsibilities, the transparency of transactions, and the duration of location information storage. Some of these issues are the focus of court cases across the United States, usually between service providers and disgruntled end-users or law enforcement agencies and suspected criminals.

While we can wait for the courts to set precedents and then take legislative action to learn about how we should act and what we should accept as morally right or wrong, this is only a small part in considering the emerging ethics of an innovation such as location-based services. Laws, similar to global technical standards, usually take a long time to enact. A more holistic approach is required to analyze technology and social implications. This article uses scenarios, in the form of short stories to summarize and draw out the likely issues that could arise from widespread adoption of LBS. It is a plausible future scenario, grounded in the realism of today's technological capabilities.

Role of Scenarios in the Study of Ethics

Articles on ethics in engineering and computing, for the greater part, have been about defining, identifying and describing types of ethics, and emphasizing the importance of ethics in the curriculum and the workplace. A small number of ethics-related studies more directly concerned with invention and innovation consider the possible trajectories of emerging technologies and their corresponding social implications [1], [2]. Within the engineering field, these studies commonly take on the guise of either short stories or case-based instruction [3], [4]. This article uses scenario planning to identify the possible risks related to location-based services in the context of security and privacy. While “day-in-the-life scenarios” have been popular in both human-computer interaction and software engineering studies, they have not been prevalent in the ethics literature [5].

When is a person sufficiently impaired to warrant monitoring?

The most well-known usage of stories related to ethical implications of technology have been constructed by Richard G. Epstein [6]. His 37 stories in the Artificial Intelligence Stories Web are organized thematically based on how the human experience is affected by the technology [7]. Of fiction, Epstein writes that it is “a great device to help one envision the future and to imagine new concepts and even applications” [8]. His Silicon Valley Sentinel-Observer's Series ran as a part of Computers and Society [9]. John M. Artz has written about the importance of stories advancing our knowledge when exploring areas where we do not fully understand a phenomenon [10]. Artz calls stories and our imagination “headlights” that allow us to consider what might lie beyond: “[c]onsider imagination as the creative capacity to think of possibilities. Imagination lets us see the world, not as it is, but as it could be. And seeing the world as it could be allows us to make choices about how it should be.” In 1988, Artz indicated the shortage in short stories in the field, and this paper addresses the shortage by focusing on LBS.

The definition of a scenario used in this paper is “[a]n internally consistent view of what the future might turn out to be” [11]. Scenarios can be used to combine various separate forecasts that pertain to a single topic [12], designed to provide an overall picture of a possible future, and to describe this future in such a way that it is accessible to a layperson in the subject. According to Godet a scenario “must simultaneously be pertinent, coherent, plausible, important and transparent” [13].

The Track, Analyze, Image, Decide, Act (TAIDA) scenario planning framework is used here with respect to LBS to i) identify aspects of the current situation that may have an impact on the future under consideration; ii) deliberate on the possible future consequences of the aspects identified in tracking; iii) approach possible changes intuitively to create a plausible future, “to create not only an intellectual understanding but also an emotional meaning,” iv) determine what should be done about a given scenario in response to issues raised, and v) offer recommendations that will address these issues [14]. Analysis of the future scenario presented will be conducted using deconstruction to draw out the social implications. Deconstruction is an approach to literary analysis that aims “to create an interpretation of the setting or some feature of it to allow people… to have a deeper understanding” [15].

The Roman philosopher Seneca said: “[t]here is no favorable wind for the man who knows not where he is going” [13]. There is certainly merit in exploring the potential effects of LBS before they occur. As Michael and Michael highlight: “[m]ost alarming is the rate of change in technological capabilities without a commensurate and involved response from an informed community on what these changes actually “mean” in real and applied terms, not only for the present but also for the future” [16]. “[T]oday's process of transition allows us to perceive what we are losing and what we are gaining; this perception will become impossible the moment we fully embrace and feel fully at home in the new technologies” [17].

The scenario “Control Unwired” continues five short stories and is set in Australia. The critical analysis that follows is also presented within a predominantly Australian context.

Control Unwired

Vulnerability-The Young Lady

The street appeared to be deserted. Kate wasn't surprised – this part of town always quieted down at night, especially on weekday evenings like this one. There wasn't much around except office buildings and coffee shops that served to provide a steady stream of caffeine to the office workers.

If a person's resistance is bypassed or circumvented, their adaptive capacities can be overloaded, inducing feelings of desperation and helplessness.

Kate fished her smart phone out of the pocket of her grey suit jacket [18], [19]. Pressing a few buttons, she navigated through the on-screen menu to the Services option, then to Call a Taxi [20]. The device beeped at her, flashing the message: No signal available [21].

Kate swore, shoving the PDA back into her bag. The surrounding buildings must have been blocking the GPS signal [22]. She knew she needed to get to a more open area.

What a pain, she thought. They overload me with cases, expect me to stay late, and then the gadget they give me to get home doesn't work.

Although Kate was irritated more than anything else, there was a niggling sort of apprehension in the pit of her stomach. She felt alone – very alone, and not at all comfortable being by herself, at eleven in the evening, in a deserted place.

Shaking off the uneasiness, she berated herself. Get a grip, Kate. You're not a child.

As Kate strode off, a dark shadow detached from a nearby alleyway. It followed, silently, at a distance, keeping out of the dim pools cast by the streetlights.

Unfortunately, Kate didn't know which direction she should go to find a clear space for her phone to get a fix on her location.

If I keep heading the same way, she thought, I'm bound to find somewhere sooner or later.

The surrounding structures were slightly lower here, the taller office blocks just down the road. As Kate walked, the shadow some way behind flickered in the wind, as though it were wearing a long coat. It followed stealthily, steadily decreasing the distance between itself and Kate.

Suddenly, Kate's phone bleeped for attention. Kate pulled it out of her bag again and read the message on the screen: Signal acquired.

“Finally,” she breathed. Quick fingers navigated back to the Call a Taxi command. The phone gave a comforting reassurance that a taxi was on its way, with an estimated arrival time of less than a minute [23].

The shadow hung back, unsure, watching.

Within thirty seconds of making the call, a taxi veered out of nowhere and pulled to an abrupt stop alongside Kate. She opened the door and slid into the back seat.

As the taxi pulled away, the shadow shifted slightly and melted back into the darkness.

Liberty-The Husband and His Wife

The next day, the sun filtered into an east-facing bathroom window, where a man stood studying himself in the mirror.

Slight lines crinkled the skin near his eyes and mouth. His hair was still quite thick and healthy, but flecked with the salt-and-pepper grey of an aging man. Although Colin was well past his sixtieth birthday, he could have easily passed for a man in his fifties.

Suddenly, the telephone rang. Colin paused for a moment, listening – the ring only sounded in the bathroom [24]. The kitchen, bedroom, and lounge room were all silent.

“Even the damn phone knows where I am,” he muttered, shaking his head. He touched the hard lump of the RFID tag that was stitched into the hem of his shirt [25], [26]. “Helen, not again!”

Colin stabbed at an unobtrusive button on the bathroom wall, [27] and his reflection instantly gave way [28] to the face of an attractive woman with bobbed blonde hair [29] – Helen, his wife, calling from the airport in Hong Kong.

“Oh sweetheart, you look tired.” Helen sounded concerned.

Colin shrugged. “I don't feel tired. I think I just need to get some fresh air.”

“Open the window, then. It might make you feel better.”

Colin thought that what would make him feel better was a nice long walk without his wife checking up on him every five minutes.

“You haven't been to the cupboard yet to take your morning medicines,” Helen said.

“Why don't you stop pussyfooting around and just inject me with one of those continuous drug delivery things?” [30], Colin frowned.

Helen smiled. “Great idea,” she teased. “We could put a tracking chip in it too. Two birds, one stone” [31].

“At least then I wouldn't have to wear this stupid bracelet [32]. They're made for kids [33], Helen.” Colin knew his wife was joking, but the truth was that he often did feel like a recalcitrant child these days.

“Well,” Helen replied, “If you didn't insist on being so pig-headed, you wouldn't have to wear it. I was terrified when you collapsed. I'm not going to let it happen again. This way I know you're not gallivanting about without someone to look after you.”

“Ever considered that I can take care of myself? I'm not a child.”

“No, you're not. And you're not a young man either,” Helen admonished. “You need to accept that with your condition, it's just not safe to be going off by yourself. What if something happened to you? Who would know? How would we find you?”

“I feel like a prisoner in my own home, Helen. I can't even take the thing off without you knowing about it. You know they use these for prisoners?”

“Parolees, dear. And they're anklets.” She leaned in closer to the screen. “Someone needs to take care of you, Colin. If you won't, I'll have to do it myself.”

Colin sighed. “You just don't understand what it's like to be getting… older. Not being able to do everything you used to. Being betrayed by your own body. It's bad enough without you babying me along like some kind of octogenarian invalid.”

“Well, I guess that's the downside to marrying a woman almost twenty years younger than yourself,” Helen grinned.

“The only downside.” Colin smiled back at her, but his heart wasn't really in it. They had been through this argument countless times before.

He changed the subject. “Heard from our dear daughter lately? Or Scott?”

“Kate called me last night. She's doing well.”

“How's her new job?” Colin asked.

“Well, she says she enjoys it, but she's working very long hours,” Helen replied.

“And I bet you're worried about her being alone in the city at night for five minutes,” Colin said.

Helen gave a self-conscious smile. “It's not a very nice part of town. I'll feel much better about her working late when the firm moves closer to the inner city.”

“And Scott?”

“Haven't heard from him. He's back in Sydney now, though. I wish he'd call.”

“Maybe if you weren't always pestering him to marry his girl from Melbourne, he'd call more,” Colin grinned.

Helen glanced up, away from the screen.

“Sweetheart, I have to go – they've just given the final boarding call for my flight. Enjoy the rest of your day. I'll see you when I get home tonight.” She blew a rather distracted kiss at the screen, then it went blank.

Colin's shoulders sagged. Alone again.

He shuffled into the kitchen to make breakfast. Helen had left him skim milk and pre-packaged porridge oats.

“Wow,” he muttered. “Cosmic Blueberry or Bananarama? Such decisions.”

Just as Colin was finishing off the last few spoonfuls, the watch on his wrist emitted a low beep. He glanced at the screen: Low battery – critical.

Colin smiled. The device had been flashing low battery messages intermittently since yesterday evening. It had less than three days' standby time, and being on a business trip, Helen wasn't around to make sure it got recharged [34].

The screen on the little device winked out.

Munching on his porridge, Colin reached over to the cutlery drawer and took out the kitchen scissors. Very carefully, he snipped out a neat little rectangle from the hem of his shirt. The RFID tag came with it.

He swallowed down the rest of his breakfast and tossed the tag onto the counter.

Colin was going for a walk.

No alert went out to Helen. No neighbors came hurrying to see what he was doing. He reveled in the possibility of heading out without someone watching his every move [35].

Colin wandered off, his own man, if only for a morning.

Association-The Friends and Colleagues

“Hey Janet. Sorry I'm late.” Scott slid into the other seat at the table.

Janet sighed, pushing a latte and a sandwich towards him. She'd already finished her coffee. She gestured to her PDA. “These gadgets do everything. They compare our schedules, pick a place convenient to both of us, make sure there's something vegetarian on the menu for me, and book a table. Pity they can't get you here on time too.”

“I'm sure it's on the horizon,” Scott joked. “So how's life in the Sydney office?”

“All right. The weather makes a nice change. How about your parolees?”

Scott laughed. “There's a lot more of them. In Melbourne I had fifty or sixty cases at once. Now I've been allocated more than a hundred.” He bit into his sandwich. “With less parole officers able to handle more cases, I guess I'm lucky to have a job,” he continued with his mouth full [36].

Janet raised her eyebrows. “With a lot of women intolerant of bad table manners, you're lucky to have a girlfriend. I assume the workloads are greater because they use those chips here?”

“The caseload is greater, the workload is the same – yeah, because of the chips” [37]. He smiled. “It's crazy that New South Wales is already trialing these tracking implants, while Victoria's only recently got a widespread implementation of the anklets [38]. They've been around commercially for years. Mum's got Dad wearing a tracking watch now, for peace of mind after the whole angina scare.

“But the implants are much better,” Scott continued. “Who wants a chunky anklet or bracelet that makes you look like a collared freak? I'll bet it's really disconcerting having people stare at you suspiciously in the street, knowing that you're a criminal. It kind of defeats the purpose of parole – the idea is rehabilitation, reintegration under supervision. That's why the implants are so good – there's no stigma attached. No one can even tell you have one. And they're harder to remove, too.”

“I don't see what the big deal is,” Janet replied. “Why not just keep people under lock and key?”

“Resources. It costs a lot to keep someone imprisoned, but the cost drops significantly if you imprison them in their own home instead [39]. It's about overcrowding, too – jails everywhere have had an overcrowding problem for years [40].

Can it be considered reasonable to impinge upon the freedom of someone who is merely suspected of committing a crime?

“I also think electronic monitoring and parole are much better in terms of rehabilitation,” Scott went on. “People can change [41]. Often they've committed a fairly minor crime, then they go to prison, get mixed up with worse crowds [42]–[43][44]. It can be pretty rough in there. There is certainly a danger that by imprisoning people with ‘harder’ criminals, you run the risk of corrupting them further and exacerbating the problem [40].

“On parole, they can still go to work and earn money, be productive members of society, get their lives back [44], [45]. But they're watched, very closely – the tracking systems alert us if anything looks off. It's imprisonment without prisons.”

Janet smiled. “That's very Alice in Wonderland. When the Cheshire Cat disappears – how does it go? ‘I've often seen a cat without a grin, but a grin without a cat is the most curious thing I ever saw in all my life!'”

Scott laughed. “I suppose you could compare it to that.” He noted Janet's skeptical look. “It's not like we're sending people out of jails willy-nilly. There is a pretty thorough system in place to determine who gets paroled and who doesn't.”

“So how does that work?” asked Janet.

“Well, a while ago it was mainly based on crime-related and demographic variables. We're talking stuff like what sort of offense they're doing time for, the types of past convictions on their record, age, risk of re-offending” [46].

She nodded.

“Now a bunch of other things are looked at too,” he continued, finishing off his sandwich. “It's a lot more complex. Psychological factors play a big part. Even if someone displays fairly antisocial traits, they're still considered pretty low risk as long as they don't also show signs of mental illness” [47].

“So prisons are the new asylums?” Janet frowned.

“Not quite but I see your point,” Scott admitted.

“What about terrorists?” Janet argued. “How can you guarantee that there won't be another incident like the Brisbane rail bombings”[48]?

“Like I said, anyone considered really dangerous is still kept in a regular prison,” Scott said. “All the major landmarks and places people congregate in Sydney are tagged anyway [49]. There's no way a convicted terrorist would get within a hundred meters of anything worth attacking.”

Janet raised her eyebrows, unconvinced. She thought of the newspaper reports about security breaches of public places that had been linked to professional cybervandals. As far as she was concerned, no new technology was the silver bullet.

Scott continued, “And you know that governmental powers now allow ‘persons of interest’ to be implanted as well.”

Janet shook her head. “I'm all for preventing terrorist attacks. But implanting people who haven't committed a crime? How far will they take it? What if the government decided that they should just track everyone, to be on the safe side?”

Scott shrugged. “I guess we just need to find a nice balance between personal freedom and national security.”

He glanced at his watch and pushed his chair back. “I need to get back to work,” he said apologetically.

Policing-The Officer and the Parolee

Scott paused on the landing in front of Doug's apartment and steeled himself. Doug was his last visit of the day. Scott was a fairly likeable guy and had a rapport with most of his cases, but Doug, convicted of aggravated sexual assault, was different [50].

Scott knocked on the door.

A few seconds passed, then it opened a fraction and a stubbled face peered out. Doug wore a stained long-sleeved shirt and ratty jeans.

“Scott,” he sneered. “So nice of you to drop by.”

“Let's just do this, Doug.”

Scott followed Doug into the living room. He pulled out a small device and waved it up and down the man's left arm. It beeped and Scott checked the screen.

“Your chip seems fine,” he said. “Just a routine check – we like to do one every now and then to make sure everything's okay. Congratulations on your new job, by the way. How do you like house painting?”

“My true bloody calling,” Doug leered.

“Er… great. Keep it up then. With good behavior like this you'll be done in no time.”

Scott felt relieved that he would no longer have to sift through Doug's daily tracking logs.

Doug just smiled.

Duplicity-The Victim

Doug waited more than two hours after Scott left before removing his shirt. He peeled off the electrical tape covering an ugly, ragged scar on his upper arm [51]. The scar wasn't from the chip's implantation. It was created by the deep cut Doug's heavily pierced cyberpunk friend had made to remove it [52].

The tiny chip – smaller than a grain of rice – was stuck to the back of the tape. Gingerly, Doug set it on the table in front of the TV and smiled. His chip was having a night in.

He was going out.

Doug pulled his shirt back on and shrugged into a long coat.

He knew there would be a young woman in a grey suit leaving her office soon. She worked at the law firm that was hot stuff in the news. Stupid really, he thought, that she's not afraid to wander the streets in that part of town at night, alone. A Smart girl like that should know better.

The stairwell was quiet. He slipped out into the darkness, a shadow among the other shadows.

He wanted to pay that attractive little lawyer a visit before she caught her taxi home.

Critical Analysis

Legal and Ethical Issues

According to Ermann and Shauf, our “ethical standards and social institutions have not yet adapted… to the moral dilemmas that result from computer technology” [53]. This has a great deal to do with the way Helen uses the LBS technologies available to her. In Liberty, Helen obviously cares about her husband and wants what is best for his health. She is willing to “help” Colin look after himself by monitoring him and restricting the activities she allows him to participate in, especially when he is alone. It is not too difficult to imagine this happening in the real world if LBS becomes commonplace. It is also conceivable that, for some people, this power could be held by a hospital or health insurance company. However, Helen fails to balance her concern for her husband's physical welfare with his need to be an autonomous being. Although LBS technologies are readily available, perhaps she has not completely thought through her decision to use these technologies to monitor Colin, even if it is ostensibly for his own good. It could even be seen as selfish.

The current climate is indicative of individuals' willingness to relinquish their privacy (or at least someone else's) for the sake of impenetrable security.

Consideration of legal issues is also important – it does not appear that there is any specific Australian legislation that covers the unique possibilities of LBS tracking. One situation that is likely to appear with more frequency is people using LBS technologies to monitor loved ones “for their own good.” Several issues are raised here. When is a person sufficiently impaired to warrant such monitoring? Should their consent be necessary? What if they are considered to be too impaired to make a rational decision about monitoring?

Autonomy is an important part of a person's identity. Resistance to a situation is often unconsciously employed to “preserve psychically vital states of autonomy, identity, and self-cohesion from potentially destabilizing impingements” [54]. If a person's resistance is bypassed or circumvented, their adaptive capacities can be overloaded, inducing feelings of desperation and helplessness. The natural reaction to this is to exert an immediate counterforce in an attempt to re-establish the old balance, or even to establish a new balance with which the individual can feel comfortable [54].

These ideas about autonomy, identity and resistance are demonstrated in Liberty through Colin. He experiences feelings of helplessness and vulnerability because of his loss of autonomy through constant LBS monitoring. His unsupervised walk can be seen as an attempt to redress the balance of power between himself and Helen. With these issues in mind, perhaps the kindest and least disruptive way to implement a monitoring program for an aging individual is to develop a partnership with that person. In this sort of situation, LBS tracking can be a joint process that “is continually informed by the goal of fostering… autonomy” [54].

Another significant legal and ethical issue is that of monitoring people such as those suspected of being involved in terrorist activities. As hinted at in Association, this is not mere fancy – the Australian Government, for example, has passed new anti-terrorism laws that, among other things, would give police and security agencies the power to fit terror suspects with tracking devices for up to 12 months [55].

This kind of power should give rise to concern. Can it be considered reasonable to impinge upon the freedom of someone who is merely suspected of committing a crime? For tracking implants especially, do governments have the right to invade a personal space (i.e., a person's body) simply based on premise?

Criminals give up some of their normal rights by committing an offense. By going against society's laws, freedoms such as the right to liberty are forfeited. This is retributivism (i.e., “just deserts”). The central idea is proportionality: “punishment should be proportionate to the gravity of, and culpability involved in, the offense” [40]. With no crime involved, the punishment of electronic monitoring or home detention must be out of proportion.

The threat of terrorist attacks has led the Australian Government to propose giving itself extraordinary powers that never could have been justified previously.

With measures such as those in Australia's counter-terrorism laws, there is obviously a very great need for caution, accountability, and review in the exercise of such powers. Gareth Evans, the former Australian Labor foreign minister, commented on the laws by saying:

“It is crucial when you are putting in place measures that are as extreme in terms of our libertarian traditions as these that there be over and over again justification offered for them and explanations given of the nature and scale of the risk and the necessity… it is a precondition for a decent society to have that kind of scrutiny” [56].


The July 2005 London subway bombings are the justification offered repeatedly by Australian Prime Minister John Howard for the new laws, reinforced by Australian Secret Intelligence Organization (ASIO) director-general Paul O'Sullivan. However, this “justification” ignores the reality that “the London bombers were ‘clean skins' who had escaped police notice altogether” [57]. Tagging suspicious people cannot keep society completely safe.

We do not make a judgment on whether pre-emptive control legislation is proper or not. We suggest, however, that the laws recently enacted by the Australian Federal Government (and agreed to by the Australian States) could be indicative of a broader trend.

John Howard said that “in other circumstances I would never have sought these new powers. But we live in very dangerous and different and threatening circumstances… I think all of these powers are needed” [58]. Could the same argument be used in the future to justify monitoring everyone in the country? If pre-emptive control is a part of government security, then widespread LBS monitoring could be the most effective form of implementation.

Without suggesting the potentially far-fetched Orwellian scenario where draconian policies and laws mean that the entire population is tracked every moment of their lives, there is an argument to be made that the current climate is indicative of individuals' willingness to relinquish their privacy (or at least someone else's) for the sake of impenetrable security.

Social Issues

Control emerges as a significant theme in the scenario Control Unwired. Even in LBS applications that are for care or convenience purposes, aspects of control are exhibited. The title reflects the dilemma about who has control and who does not. For example, in Vulnerability, Kate experiences a loss of control over her situation when her GPS-enabled smart phone does not work the way she wants it to work, but a sense of control is restored when it is functioning properly again. Helen has control over Colin in Liberty, and in turn Colin has little control over his own life. In both Association and Policing we see how Scott uses LBS every day as a control mechanism for parolees. Finally, in Duplicity, the question arises whether faith in this sort of control is fully justified.

Trust is a vitally important part of human existence. It develops as early as the first year of life and continues to shape our interactions with others until the day we die [59]. In relationships, a lack of trust means that there is also no bonding, no giving, and no risk-taking [60]. In fact, Marano states:

“[w]ithout trust, there can be no meaningful connection to another human being. And without connection to one another, we literally fall apart. We get physically sick. We get depressed. And our minds… run away with themselves” [59].

An issue that arises in Liberty is that of trust, recalling Perolle's notion of surveillance being practiced in low-trust situations and the idea that the very act of monitoring destroys trust [61]. We can see this happening in the Colin/Helen relationship. Helen does not trust Colin enough to let him make his own decisions. Colin does not trust Helen enough to tell her he is going out by himself, without any kind of monitoring technology. He resents her intrusion into his day-to-day life, but tolerates it because he loves his wife and wants to avoid upsetting her. Their relationship could be expected to become increasingly dysfunctional if there is a breakdown of trust. It is near impossible to predict the complex effects of LBS when used to track humans in this way, especially as each person has a different background, culture, and upbringing. However, if Perolle [61] and Weckert [62] are agreed with, these types of technological solutions may well contribute to the erosion of trust in human relationships – what would this entail for society at large? Freedom and trust go hand-in-hand. These are celebrated concepts that have been universally connected to civil liberties by most political societies.

Technological Issues

There is a widely held belief that it is how people use a technology, not the technology itself, that can be characterized as either good or bad. People often see technology as neutral “in the sense that in itself it does not incorporate or imply any political or social values” [63]. However, there are other researchers who argue that technology is not neutral because it requires the application of innovation and industry to some aspect of our lives that “needs” to be improved, and therefore must always have some social effect [63]. The LBS applications in the scenario all appear to show aspects of control. This would suggest that the technology itself is not neutral – that LBS are designed to exercise control.

Control Unwired seems to echo Dickson's argument that technology is not neutral because of its political nature: “dominating technology reflects the wishes of the ruling class to control their fellow men” [63]. We can certainly see elements of this idea in the scenario. All of the LBS functions depicted are about control, whether it be control over one's own situation (Vulnerability), caring control of a loved one (Liberty), or forced control over parolees (Association, Policing, and Duplicity). These situations imply that LBS is not neutral, and that the technology is designed to enhance control in various forms.

Some believe that technology is the driving force that shapes the way we live. This theory is known as technological determinism, one of the basic tenets of which is that “changes in technology are the single most important source of change in society” [64]. The idea is that technological forces contribute to social change more than political, economic, or environmental factors. The authors would not go so far as to subscribe to this strongest sense of technological determinism doctrine. The social setting in which the technology emerges is at least as important as the technology itself in determining how society is affected. As Braun says: “[t]he successful artifacts of technology are chosen by a social selection environment, [like] the success of living organisms is determined by a biological selection environment” [65]. Technologies that fail to find a market never have a chance to change society, so society shapes technology at least as much as it is shaped by technology. In this light, Hughes's theory of technological momentum is a useful alternative to technological determinism: similar in that it is time-dependent and focuses on technology as a force of change, but sensitive to the complexities of society and culture [66].

Technological potential is not necessarily social destiny [67]. However, in the case of LBS, it is plausible to expect it to create a shift in the way we live. We can already see this shift occurring in parents who monitor their children with LBS tracking devices, and in the easing of overcrowding in prisons through home imprisonment and parole programs using LBS monitoring.

As described previously, the threat of terrorist attacks has led the Australian Government to give itself extraordinary powers that never could have been justified previously. In this situation, LBS has enabled the electronic monitoring of suspicious persons; however, it is not the technology alone that acts as the impetus. Pre-emptive electronic tracking could not be put in place without LBS. Neither would it be tolerated without society believing (rightly or not) that it is necessary in the current climate.

The scenario also demonstrates that technology and society evolve at least partially in tandem. In Association, through the conversation between Scott and Janet, we learn that LBS tracking implants were not introduced simply because they were technically feasible. The reasons for their use were to reduce overcrowding in prisons and to mitigate the burden of criminals on the ordinary taxpayer. Social and economic factors, as well as technological ones, contributed to this measure being taken.

Although technology is not the sole factor in social change, and arguably not the most important, LBS are gaining momentum and are likely to contribute to a shift in the way we live. This can be seen both in the scenario and in real-life examples today. Throughout Control Unwired we can see LBS becoming an integral part of daily life. If this does happen, consideration must be given to what will happen if the technology fails – which it inevitably will. No technology is completely perfect. There are always shortcomings and limitations.

Examples of deficiencies in LBS technologies can be found scattered throughout the scenario. In Vulnerability, Kate appears to be over-reliant on LBS (why does she not simply call a taxi from her office before leaving?) and when the technology fails, it creates a potentially dangerous situation. Even more dangerous circumstances occur in Duplicity. Doug, a convicted sex offender, is able to break his curfew without anyone knowing. Perhaps measures could be implemented to stop such breaches from going undetected, but that would not stop them from happening altogether. One U.S. study found that about 75 percent of electronically monitored “walk offs” were re-apprehended within 24 hours [45]. That means a quarter went free for more than a day – plenty of time to commit other offences. And, although the offender may be caught and punished, it is difficult to remedy the damage done to an individual who is robbed or assaulted.

And no technology is completely fail-safe. Even electricity, a mainstay of daily life, can suddenly fail, with socially and economically devastating effects. Most of Auckland, New Zealand, went without power for five weeks during a massive blackout in 1998 [68]. A 1977 electricity outage in New York led to widespread looting, arson and urban collapse [69]. If we become as reliant on LBS as we have become on other technologies like electricity, motor vehicles, and computers, we must be prepared for the consequences when (not if) the technology fails.

Risk to the Individual Versus Risk to Society

Any technology can be expected to have both positive and negative effects on individuals and on the wider community. Emmanuel Mesthane of Harvard's former Technology and Society Program wrote: “[n]ew technology creates new opportunities for men and societies and it also generates new problems for them. It has both positive and negative effects and it usually has the two at the same time and in virtue of each other” [70]. From Table I, it is obvious that there is an inherent trade-off between the interests of the individual and the interests of society as a whole: the privacy of the individual is in conflict with the safety of the broader community. As G.T. Marx reflects, “[h]ow is the desire for security balanced with the desire to be free from intrusions” [71]? This work is certainly not the first to allude to this issue. For example, Kun has said that “perhaps one of the greatest challenges of this decade will be how we deal with this theme of privacy vs. national security” [72].

Table I  Positives and negatives of LBS for different user types

Table I Positives and negatives of LBS for different user types

The original contribution of this article is that the dilemma has been related specifically to LBS, under the privacy-security dichotomy [73]. Here, each side of the dichotomy is divided into three key components that combine to greatly magnify risk. Removing one or more components for each set decreases the privacy or security risk. Where more elements are present in conjunction, the risk is increased.

Significant privacy risk occurs when the following factors are present (Fig. 1):

Fig. 1 Privacy Risk

Fig. 1 Privacy Risk

  • Omniscience — LBS tracking is mandatory, so authorities have near-perfect knowledge of people's whereabouts and activities.

  • Exposure — security of LBS systems is imperfect, leaving them open to unauthorized access.

  • Corruption — motive exists to abuse location-related data. This includes unauthorized or improper changes, thus compromising content integrity.

It is not difficult to see why the danger in this privacy-risk scenario is so great. A nation with “all-knowing” authorities means that a large amount of highly sensitive information is stored about all citizens in the country. Security of electronic systems is never foolproof. And, where there is something to be gained, corrupt behavior is usually in the vicinity. The combination of all three factors creates a very serious threat to privacy.

Significant security risk occurs with the following conditions (Fig. 2):

  • Limitedness — authorities have limited knowledge of people's activities.

  • Vulnerability — security of individuals and infrastructure is imperfect.

  • Fraudulence — motive exists to commit crimes.

Fig. 2 Security Risk

Fig. 2 Security Risk

This security-risk dimension is a life situation that people have to contend with in the present day: limitedness, vulnerability, and fraudulence. Law enforcement authorities cannot be everywhere at once, nor can they have instant knowledge of unlawful activity. Security of infrastructure and people can never be absolute. In addition, there are always individuals willing to commit crimes for one reason or another. These factors merge to form a situation in which crimes can be committed against people and property relatively easily, with at least some chance of the perpetrator remaining unidentified.

As mentioned above, the security-risk half of the dichotomy typifies our current environment. However, the majority of society manages to live contentedly, despite a certain level of vulnerability and the modern-day threat of terrorism. The security-risk seems magnified when examined in the context of the LBS privacy-security dichotomy. LBS have the potential to greatly enhance both national and personal security, but not without creating a different kind of threat to the privacy of the individual. The principal question is: how much privacy are we willing to trade in order to increase security? Is the privacy-risk scenario depicted above a preferable alternative to the security-risk society lives with now? Or would society lose more than it gains? And how are we to evaluate potential ethical scenarios in the context of utilitarianism, Kantianism, or social contract theory?

Major Implications

The issues of control, trust, privacy and security are interrelated (Table II). As discussed above, increased control can impair or even destroy trust; i.e., there is no need to be concerned with trusting someone when they can be monitored from afar. In contrast, increased trust would normally mean increased privacy. An individual who has confidence in another person to avoid intentionally doing anything to adversely affect them, probably does not feel the need to scrutinize that person's activities.

Table II  Unanswered questions in LBS

Table II Unanswered questions in LBS

Privacy requires security as well as trust. A person's privacy can be seriously violated by a security breach of an LBS system, with their location information being accessed by unauthorized parties. The other effect of system security, however, is that it enhances control. A secure system means that tracking devices cannot be removed without authorization, therefore, control is increased. Of course, control and privacy are mutually exclusive. Constant monitoring destroys privacy, and privacy being paramount rules out the possibility of LBS tracking. These relationships are summarized in Fig. 3.


The most significant implication of the work presented here is this: the potential for LBS to create social change raises the need for debate about our current path and consideration of future probabilities. Will the widespread application of LBS significantly improve our lives? Or will it have negative irreversible social effects?

Technological progress is not synonymous with social progress. Social progress involves working towards socially desirable objectives in an effort to create a desirable future world [65]. Instead of these lofty ideals, technological progress is based on what is technically possible. However, there is a difference between what can be done and what should be done – the relentless pursuit of technological advancement for its own sake is arguably a pointless exercise. Do we really need more electronic gadgets in our daily lives? As Kling states:

“I am struck by the way in which the news media casually promote images of a technologically rich future while ignoring the way in which these technologies can add cost, complexity, and new dependencies to daily life” [74].

In the Association section of the scenario, Janet's comment about Alice's Adventures in Wonderland can be seen as more than just a superficial remark. In the book, Alice has the following conversation with the Cat:

“Would you tell me, please, which way I ought to go from here?”
“That depends a good deal on where you want to get to,” said the Cat.
“I don't much care where—” said Alice.
“Then it doesn't matter which way you go,” said the Cat [75].

Martin Gardner says that John Kemeny, author of A Philosopher Looks at Science, compares Alice's question and the Cat's answer to the “eternal cleavage between science and ethics” [75]. The same could be said of LBS technologies and possible future applications. New technologies provide exciting opportunities, but human decision-making based on social and ethical considerations is also needed in determining the best path to follow. Technology merely provides us with a convenient way to reach the destination. Without a sense of direction, where might we find ourselves? And where is the logic behind a “directionless” destination? There is clearly a serious need for thought and discussion about how we want LBS to be used in the wider context of its potential application.

Besides developing a sense of purpose for the use of LBS, we need to examine very carefully the possibility of the technology having unintended side effects such as the breakdown of trust and abuse of its application. Certainly, the potential effect of unplanned consequences should not be underestimated. According to Jessen:

“The side effects of technological innovation are more influential than the direct effects, and they have the rippling effect of a pebble hitting water; they spread out in ever enlarging concentric circles throughout a society to transform its behavior, its outlook, and its moral ethic” [76].

Of course not all secondary effects can be foreseen. However, this does not mean that deliberating on the possible consequences is without some genuine worth. Surely some form of preparation to deal with adverse outcomes, or at least to notice them before they become irreversible, is better than none at all.

The scenario Control Unwired has demonstrated the potential of LBS to create social change. It has also shown that the use of LBS may have unintended but long-term adverse effects. For this reason the major recommendations are cross-disciplinary debate and technology assessment using detailed scenario planning. We need to critically engage with LBS, its potential applications, and possible side-effects instead of just blindly hurtling along with the momentum of technology-push.


1. J. E. Jacobs, "Social implications of computers: ethical and equity issues", ACM Outlook, pp. 100-114, 1988.

2. C. Huff, "Practical guidance for teaching the social impact statement", ACM CQL, pp. 86-89, 1996.

3Cases on Engineering Ethics Practice, Oct. 2006, [online] Available: http://www.onlineethics.org/ eng/cases.html.

4. A. Ghafarian, "Integrating ethical issues into the undergraduate computer science curriculum", ACM CCSC - JCSC, vol. 18, no. 2, pp. 180-188, 2002.

5. J. A. Rohn, "Usability in practice: Alternatives to formative evaluations — Evolution and revolution", CHI 2002, pp. 891-897, 2002.

6. R. G. Epstein, The Case of the Killer Robot, NY, New York:Wiley, 1997.

7. R. G. Epstein, "Stories and plays about the ethical and social implications of artificial intelligence", Intelligence, pp. 17-19, 2000.

8. R. G. Epstein, "Latest developments in the killer robot computer ethics scenario", ACM SIGCSE, pp. 111-115, 1995.

9. R. G. Epstein, "In-depth! The Silicon Valley Sentinel-Observer’s public affairs NetTV program presents: Toxic knowledge", Proc. Ethics and Social Impact Component on Shaping Policy in the Information Age, pp. 86-91, 1998.

10. J. M. Artz, "The role of stories in computer ethics", Computers and Society, pp. 11-13, 1998.

11. M. Lindgren, H. Bandhold, Scenario Planning: The link between future and strategy, NY, New York:Palgrave-Macmillan, pp. 21, 2003.

12. J. P. Martino, "A review of selected recent advances in technological forecasting", Technological Forecasting and Social Change, vol. 70, no. 8, pp. 719-722, 2003.

13. M. Godet, "The art of scenarios and strategic planning: Tools and pitfalls", Technological Forecasting and Social Change, vol. 65, no. 1, pp. 3-11, 2000.

14. M. Lindgren, H. Bandhold, Scenario Planning: The link between future and strategy, NY, New York:Palgrave Macmillan, pp. 38-168, 2003.

15. P. Hogan, On Interpretation: Meaning and Inference in Law Psychoanalysis and Literature, GA, Athens:Univ. of Georgia, pp. 9, 1996.

16. K. Michael, M. G. Michael, "Microchipping people: The rise of the Electrophorus", Quadrant, vol. 49, no. 3, pp. 22-33, 2005.

17. S. Žižek, "Cyberspace or the unbearable closure of being" in Endless Night: Cinema and Psychoanalysis Parallel Histories, CA, Berkeley:Univ. of California Press, pp. 92-102, 1999.

18. G. Aquino, "Dialled in: GPS cell phones", PC World, Mar. 2004, [online] Available: http://www. pcworld.com/article/id,115273-page,1/article.html, accessed.

19CF Card GPS for PDA’s, Sept. 2005, [online] Available: http://www.filesaveas.com/gpscfcard.html.

20Agis develops real time location service for savvy mobile phone users, Apr. 2005, [online] Available: http://www. asiagis.com.sg/agis/pdf/Navfone_Press.pdf.

21How GPS Works, Sept. 2005, [online] Available: http://www.trimble. com/gps/whygps-anim00.shtml.

22. S. Dooley, P. Gough, "Software integration lowers the cost of A-GPS", Wireless-Web, 2005, [online] Available: http://wireless.iop.org/articles/feature/6/8/7/1, accessed.

23. N. Pikabea, GPS for taxis, May 2004, [online] Available: http://innovations report. de/html/berichte/kommunikation_medien/beri cht29210.html, accessed.

24. B. Gates, The Road Ahead, NY, New York:Viking, pp. 218-219, 1995.

25Silent Commerce Chips Away at Star City Casino Wardrobe Worries, [online] Available: http:// www.accenture.com/Global/Services/By_Subject/Radio_Frequency_Identification/Client_su ccesses/StarCityCasino.htm.

26TAGSYS RFID Products, Sept. 2005, [online] Available: http://www.tagsysrfid.com/eng/ rfid/tagsys_produit/rfid_tag-4-1-1.html, accessed.

27. K. J. Lin, T. Yu, C. Y. Shih, "The design of a personal and intelligent pervasive-commerce system architecture", Proc. Second IEEE Int. Workshop on Mobile Commerce and Services, pp. 163, 2005.

28. M. Cable, The award-winning Flat Screen InvisiSound Mirror Frame makes home theater audio and video disappear, CA, Brisbane:Monster Press Room, Jan. 2005, [online] Available: http:// www.monstercable.com/press/press_result.asp?pr=2005_01_Frame.asp.

29. G. McArthur, "Videoconferencing over IP - The switch is on", Business Communications Rev., Sept. 2004, [online] Available: http://www.bcr.com/bcrmag/ 2004/09/p62.php.

30. M. Madou, BioMEMS/BioNEMS: Research in the laboratories of Marc Madou, 2003, [online] Available: http://www.inrf.uci.edu/research/marcmadou.p df.

31. H. Brøseth, H. C. Pedersen, "Hunting effort and game vulnerability studies on a small scale: A new technique combining radio-telemetry GPS and GIS", J. Applied Ecology, vol. 37, no. 1, pp. 182, 2000.

32. C. S. Miner, "Digital jewelry: Wearable technology for everyday life", CHI '01 Extended Abstracts on Human Factors in Computing Systems, pp. 45, 2001-Mar.

33Wherify's GPS Wherifone, Sept. 2005, [online] Available: http://www.wherify-wireless.com/univLoc.asp.

34GPS Marine Tracking Systems / Vessel Tracking, Sept. 2005, [online] Available: http:// www.environmental-studies.de/GPS/GPS-trac king-systems/Marine-Tracking/marine-tracking.html.

35.J. Dodd, "Parents & technology: The Wherify GPS personal locator offers help but fails to protect", General Computing, vol. 15, no. 2, pp. 35, 2004.

36Job Guide, 2005, [online] Available: http://jobguide.thegoodguides.com.au/statespecific.cfm?jobid =615&state_id=NSW.

37Electronic Monitoring, 1996, [online] Available: http://www. appa-net.org/about%20appa/electron.htm.

38Applied Digital Solutions Announces Working Prototype of Subdermal GPS Personal Location Device, 2003, [online] Available: http://adsx.com/news/2003/051303.html.

39NSWLRC Report: Sentencing, Oct. 2006, [online] Available: http://www.lawlink.nsw.gov.au/lawlink/lrc/ll_lrc.nsf/pages/LRC_ip27chpl.

40. D. Brown, D. Farrier, S. Egger, L. McNamara, Criminal Laws, NSW, Leichhardt:Federation, 2001.

41Discretionary Parole, 2002, [online] Available: http://www. appa-net.org/about%20appa/discretionary_par ole.htm.

42. D. Sugg, L. Moore, P. Howard, Electronic monitoring and offending behavior: reconviction results for the second year of trials of curfew orders, 2001, [online] Available: http://www.probation. homeoffice.gov.uk/files/pdf/r141[1].pdf.

43Electronic Monitoring, 2004, [online] Available: http://www.corrections.govt.nz/public/aboutus/fact-sheets/reducingreoffending/electronic-monitoring.html.

44Chapter 7: Parole, 1996, [online] Available: http://www.lawlink.nsw.gov.au/lrc.nsf/pages/DP33CHP7, accessed.

45Keeping Track of Electronic Monitoring, 1999, [online] Available: http://www.justnet.org/pdffiles/ Elec-Monit.pdf.

46Parole Sex Offenders and Rehabilitation Programs, 2003, [online] Available: http://www.nswccl.org.au/docs/pdf/Parole_Sex Offenders_Note.pdf, accessed.

47. S. J. Lee, J. F. Edens, "Exploring predictors of institutional misbehavior among male Korean inmates", Criminal Justice and Behavior, vol. 32, no. 4, pp. 412-414, 2005.

48. "Terror tape targets Melbourne", The Australian, Sept. 2005.

49. K. Michael, A. Masters, "The advancement of positioning technologies in defense intelligence" in Applications of Information Systems to Homeland Security and Defense, U.K., London: IDG Press, pp. 193-201, 2005.

50. A. M. Piehl, B. Useem, J. J. DiIulio, Right-sizing justice: A cost-benefit analysis of imprisonment in three states, 1999, [online] Available: http://www.manhattan-institute.org/html/ cr_8.htm, accessed.

51. J. Scheeres, "Tracking Junior with a microchip", Wired News, 2003, [online] Available: http://www. wired.com/news/technology/0,1282,60771,00. html, accessed.

52. M. Millanvoye, "Teflon under my skin", UNESCO, 2001, [online] Available: http://www.unesco.org/courier/2001_07/uk/doss41.htm.

53. Computers Ethics and Society, NY, New York:Oxford Univ. Press, pp. vi, 2002.

54. E. Adler, J. L. Bachant, "Intrapsychic and interactive dimensions of resistance: A contemporary perspective", Psychoanalytic Psychology, vol. 15, no. 4, pp. 451-454, 1998.

55. N. Gilmore, "PM defends anti-terrorism laws", Lateline, 2005, [online] Available: http://www.abc.net.au/ lateline/content/2005/s1456384.htm.

56. "Terror laws shouldn't go overboard: Evans", The Sydney Morning Herald, 2005, [online] Available: http:// www.smh.com/au/news/national/terror-laws-shouldnt-go-overboard-evans/2005/09/27/ 1127586836368.html?from=moreStories.

57. M. Wilkinson, "Powers pave way for secret new world", The Sydney Morning Herald, pp. 1-6, Sept. 2005.

58. J. Kerr, "House arrest for terror suspects", The Sydney Morning Herald, pp. 1, Sept. 2005.

59. H. E. Marano, "Trust someone again", Psychology Today, vol. 31, no. 4, pp. 7, 1998.

60. T. Mizrahi, "How can you learn to trust again", Psychology Today, vol. 35, no. 2, pp. 12, 2002.

61. J. A. Perolle, "Computer-supported cooperative work" in Computers Surveillance and Privacy, MN, Minneapolis:Univ. of Minnesota Press, pp. 47-59, 1996.

62. J. Weckert, "Trust and monitoring in the workplace", Proc. IEEE International Symposium on Technology and Society, pp. 245, 2000.

63. J. Lipscombe, B. Williams, Are Science and Technology Neutral, U.K., Manchester:Univ. of Manchester, pp. 19, 1979.

64. L. Winner, Autonomous Technology: Technics-out-of-Control as a Theme in Political Thought, MA, Cambridge:M.I.T. Press, pp. 76, 1977.

65.E. Braun, Futile Progress: Technology's Empty Promise, U.K., London:Earthscan, pp. 21, 1995.

66. T. P. Hughes, Technological momentum in Does Technology Drive History?, MA, Cambridge:M.I.T. Press, pp. 101, 1994.

67. D. Lyon, Surveillance Society: Monitoring Everyday Life Berkshire, U.K.:Open Univ. Press, pp. 23-24, 2001.

68. "Power outage hits Auckland hours after crisis declared over", CNN World News, 1998, [online] Available: http://www.cnn.com/WORLD/9803/27/ auckland.outage/.

69. K. Westcott, "New York's good and bad blackouts", BBC News, 2003, [online] Available: http://news.bbc. co.uk/1/hi/world/americas/3154757.stm.

70. P. Bereano, "Technology is a tool of the powerful" in Computers Ethics and Society, NY, New York:Oxford Univ. Press, pp. 85, 2003.

71. G. T. Marx, Undercover: Police Surveillance in America, U.K., Berkeley:Univ. of California Press, 1988.

72. L. G. Kun, "Homeland security: the possible probable and perils of information technology", IEEE Engineering in Medicine and Biology, vol. 21, no. 5, pp. 28-33, 2002.

73. L. Perusco, K. Michael, M. G. Michael, "Location-based services and the privacy-security dichotomy", Proc. Third Int.Conf. on Mobile Computing and Ubiquitous Networking, 2006.

74. R. Kling, "The seductive equation of technological progress with social progress" in Computerization and Controversy: Value Conflicts and Social Choices, MA, Boston:Academic, pp. 22-23, 1996.

75. The Annotated Alice, NY, New York:Penguin, pp. 88, 1970.

76. P. Jessen, Technology Assessment: Creative Futures, MI, Ann Arbor:Univ. of Michigan Press, pp. 245-246, 1980.


The authors would like to acknowledge the significant contribution of Dr. M.G. Michael, Honorary Fellow at the School of Information Systems and Technology at the University of Wollongong and a member of the IP Location-Based Services Research Program.


Privacy, Security, Ethics, Technological innovation, Social implications of technology, Animals, Mission critical systems, Radio frequency, Radiofrequency identification, Uncertainty, security of data, data privacy, mobile computing, privacy-security dichotomy, location-based services, scenario planning, security risk, privacy risk

Citation: Laura Perusco, Katina Michael, "Control, trust, privacy, and security: evaluating location-based services", IEEE Technology and Society Magazine, Vol. 26, No. 1, Spring 2007, pp. 4 - 16.

The Social, Cultural, Religious and Ethical Implications of Automatic Identification

Katina Michael, School of Information Technology & Computer Science, University of Wollongong, NSW, Australia 2500, katina@uow.edu.au

M.G. Michael, American Academy of Religion, PO Box U184, University of Wollongong, NSW, Australia 2500, mgm@uow.edu.au

Full Citation: Katina Michael, M.G. Michael, 2004, The Social, Cultural, Religious and Ethical Implications of Automatic Identification, Seventh International Conference on Electronic Commerce Research (ICER-7), University of Texas, Dallas, Texas, USA, June 10-13. Sponsored by ATSMA, IFIP Working Group 7.3, INFORMS Information Society.


The number of automatic identification (auto-ID) technologies being utilized in eBusiness applications is growing rapidly. With an increasing trend toward miniaturization and wireless capabilities, auto-ID technologies are becoming more and more pervasive. The pace at which new product innovations are being introduced far outweighs the ability for citizens to absorb what these changes actually mean, and what their likely impact will be upon future generations. This paper attempts to cover a broad spectrum of issues ranging from the social, cultural, religious and ethical implications of auto-ID with an emphasis on human transponder implants. Previous work is brought together and presented in a way that offers a holistic view of the current state of proceedings, granting an up-to-date bibliography on the topic. The concluding point of this paper is that the long-term side effects of new auto-ID technologies should be considered at the outset and not after it has enjoyed widespread diffusion.

1.  Introduction

Automatic identification is the process of identifying a living or nonliving object without direct human intervention. Before auto-ID only manual identification techniques existed, such as tattoos [[i]] and fingerprints, which did not allow for the automatic capture of data (see exhibit 1.1). Auto-ID becomes an e-business application enabler when authorization or verification is required before a transaction can take place. Many researchers credit the vision of a cashless society to the capabilities of auto-ID. Since the 1960s automatic identification has proliferated especially for mass-market applications such as electronic banking and citizen ID. Together with increases in computer processing power, storage equipment and networking capabilities, miniaturization and mobility have heightened the significance of auto-ID to e-business, especially mobile commerce. Citizens are now carrying multiple devices with multiple IDs, including ATM cards, credit cards, private and public health insurance cards, retail loyalty cards, school student cards, library cards, gym cards, licenses to drive automobiles, passports to travel by air and ship, voting cards etc. More sophisticated auto-ID devices like smart card and radio-frequency identification (RFID) tags and transponders that house unique lifetime identifiers (ULI) or biometric templates are increasingly being considered for business-to-consumer (B2C) and government-to-citizen (G2C) transactions. For example, the United States (US) is enforcing the use of biometrics on passports due to the increasing threats of terrorism, and Britain has openly announced plans to begin implanting illegal immigrants with RFID transponders. Internationally, countries are also taking measures to decrease the multi-million dollar costs of fraudulent claims made to social security by updating their citizen identification systems.

Exhibit 1.1     Manual versus Automatic Identification Techniques

Exhibit 1.1     Manual versus Automatic Identification Techniques