Monday, February 13, 2012

Locational privacy: beyond privacy as property and secrecy?

In April last year, it was revealed that every time an iPhone user synchronised their device with a networked computer, Apple downloaded files containing fairly detailed locational information about that user's movements.

Soon after that, it was revealed that TomTom GPS devices also send locational information about their user's movements back to the company which provides the navigational services.

Map of iPhone movements, produced by Alasdair Allan and Pete Warden with their iPhone Tracker application (discussed below)

Predictably, in both cases the corporations involved have denied any sinister intentions, and have tried to re-assure folks that the data from individuals is de-identified and used only to improve services for consumers of their products. Equally predictably, such re-assurances have not satisfied critics, who argue that these corporations have breached the privacy of their customers by keeping locational information without their explicit consent.

This question is most often asked, and answered, through the concept of privacy. And if the extent of newspaper coverage and opinion on such episodes is anything to go by, the issue of locational privacy is beginning to generate some overdue scrutiny. While most readers of these articles are assumed to be aware that their activities in 'cyberspace' might leave behind digital shadows, the fact that their movements through the city are also leaving such shadows is presented as something new that has emerged as a result of the increasing diffusion of location-aware mobile media devices such as smartphones and navigation devices.

Media discussions of locational privacy are generally infused with a nagging sense that something is kinda wrong with these privacy incursions ... but there's not a clear sense of what exactly that is.

For the most part, these emerging locational privacy issues are presented as a problem of 'informed consent'. The assumption seems to be that as long as users are aware that digital data about their movements is being collected and stored and have given their consent to this, then there is no problem.

From this perspective, the only problem with corporations like Apple and TomTom collecting and storing locational data about individuals is that those individuals were unlikely to be aware that it was happening, and so could not make an informed choice. By contrast, when people broadcast their location by 'checking-in' to places via locative media applications like Foursquare or Facebook Places, there is no problem because they are doing so knowingly -- they have made an informed choice.

[There are also concerns about the security of such data, even where there is informed consent. Last year's breach of security at Sony exemplifies this risk. And even where data is de-identified, there exists the potential for re-identification in many cases. But I'm gonna leave this important issue aside for now...]

The understanding of privacy that informs this presentation of the problems of location-awareness is interesting. Privacy is almost universally assumed in such stories to be something that is traded by individuals, in return for the benefits of owning and using devices such as smartphones and SatNavs. From this perspective, as long as choice is free and informed, what individuals choose to do with their privacy is entirely up to them. The argument goes something like this: no-one is being forced to buy an iPhone or a SatNav, or to sign up with Foursquare or Facebook Places etc. So, if they value their locational privacy, they should not use the gadget and/or service. Similarly, if they are worried about digital surveillance through CCTV cameras or credit cards and are not prepared to 'trade' a degree of locational privacy for a bit of security and/or convenience, they can choose not to go to places with surveillance or use credit facilities.

This way of articulating the privacy problem has an associated policy response -- to ensure that adequate consent and notification mechanisms are established for users of gadgets and applications and places that might track/store/broadcast their movements. Once such mechanisms are in place, the problem appears to be solved.

This classically liberal presentation of privacy as something to be valued and traded by an individual has at least two limitations. First, there's the important question of whether conventional consent mechanisms are actually adequate to their task in a complex digital world. At the Engaging Data Forum hosted by MIT's Senseable City Lab a couple of years ago, Solon Barocas and Helen Nissenbaum gave a great paper about some of the significant limitations of notice and consent mechanisms in the digital realm. While their paper is primarily concerned with Online Behavioural Advertising and the tracking and targeting of individuals as they roam the internet, I think many of the points they raise are pertinent to the emerging discussions of locational privacy in the city.

Second, there's the broader question about whether individual consent really is the key issue here. If I'm the kind of person who wants to maintain some locational privacy, it's easy enough for me to not buy an iPhone. I could probably even give up my beloved 7-year-old Nokia mobile phone without too much inconvenience! But here in Sydney, and in many other cities, making the 'choice' not to have my movements digitally surveilled would also mean not using public transportation systems (hello CCTV). It would mean not driving my car on freeways (hello eTags and traffic cameras). It would mean not going into any shopping malls or most shopping streets (hello CCTV and EFTPOS). It would mean not going into my university library (hello again, CCTV). In other words, the issue is not only whether my 'choice' is informed. Even if I'm informed, do I really have the option not to consent? When a 'choice' about locational privacy means that I can't access facilities and services that are actually a part of my everyday life and citizenship, then is it really a matter of individual 'choice'?

Our 'choices' about locational privacy, then, are also constrained by the wider context in which they are made. This raises important questions: what are the 'reasonable expectations of privacy' that pertain in different contexts, and how are such expectations established, upheld and modified? These questions draw attention to the public nature of privacy. As Lauren Berlant and Michael Warner put it, "There's nothing more public than privacy". Of course, they were talking about the ideological privacy of sex and sexuality, but hey, their point holds here too -- 'reasonable expectations of (locational) privacy' are normative, and inscribed in laws and other public institutions and arrangements.

Given this public dimension to locational privacy, the extent of 'reasonable expectations of privacy' ought to be open to public debate and deliberation. But our collective capacity to conduct such debates is hampered by at least two crucial factors. First, there's the question of whether enough of us understand the new technologies and practices which impinge on locational privacy. It might now be obvious to most people that their movements in (certain parts of) the city are surveilled by CCTV cameras. But how much do most people know about the kinds of locational data kept by retailers, banks, advertisers, mobile phone companies, public services, etc?

Second, attempts to initiate debates about threats to locational privacy are often shut down by the claim that "if you've got nothing to hide, you've got nothing to fear". Here, the 'public interest' is equated with security in the face of terror and other forms of risk, and that public interest is said to outweigh most privacy concerns.

Daniel Solove (a Prof of Law at George Washington University in the US) has recently tackled this logic in a book called Nothing to Hide: The False Trade Off Between Privacy and Security (you can read a shortish article excerpted from the book here). The crux of Solove's criticism of the 'nothing to hide' logic is that it reduces the value of privacy to individual secrecy from the state. To paraphrase him, the disclosure of 'bad things' to the state is just one of a range of outcomes that may ensue from the collection, storage and/or broadcast of our location and movements. And we ought to be debating threats to locational privacy with some of these other outcomes in mind.

What are some of these other outcomes of the reduction of locational privacy that we might try to debate? Well, interestingly, one of the other outcomes frequently discussed is the risk that is generated, rather than prevented, by exposure -- this is the fear that 'good' people who make their location public might be at risk of stalking, or worse forms of criminal behaviour. (The good folks who designed the website Please Rob Me sought to draw attention to the fact that many people are basically broadcasting both their home address and the times they are not home via location-aware mobile media applications, in a manner which could be quite handy for, say, burglars.)

The potential aggregation of individually-identifiable information is another concern raised by Solove that is pertinent in discussions of locational privacy. His point here is that while we may not be too troubled by any one of the different digital shadows we leave behind in the course of our daily lives (a face on a CCTV camera here, a credit card transaction there, a Foursquare check-in here, a tag on a Facebook image there, etc etc), once those traces are aggregated, they build up a much more detailed picture of our movements and activities. As such, the question of who has the capability and authority to aggregate these different bits of data becomes an important question. Should some state agencies like the police have that authority? Under what circumstances and with what controls? Should insurance companies? Should employers?

There are some further outcomes of locational data collection and storage that also warrant debate. In cases like the Apple and TomTom ones that I mentioned at the start of this piece, the collection and aggregation of data about our movements through the city is commodified through its use in the design of new devices and applications, and through its sale to third parties like advertisers. Here, our movements through the city are generating a kind of surplus value that is being captured for profit by private economic interests rather than any 'common good'.

In seeking to raise these broader questions, the big question here is whether 'privacy' is an adequate concept to capture the variety of concerns that might emerge from the rapid diffusion of location-aware technologies. This has been a matter of debate for folks who have been thinking about surveillance for a while -- Colin Bennett recently published an article 'In Defense of Privacy' in the journal Surveillance and Society, and there have been a number of responses in the journal (gathered together here).

I haven't quite worked through my own position on this yet. Having thought quite a bit about publicness and the city, I'm certainly now pretty interested to think about the urban dimensions of privacy. I wonder if in urban studies, we've been so concerned with critiquing various forms of 'privatisation' that we might have missed the simultaneous threats to other forms of privacy that we might value?

I'm fairly certain that I'm not down with the 'privacy is dead and we should celebrate it' crowd. IT pundit Bill Thompson gave a really interesting talk advocating this position ("The Death of Privacy and Why We Should Welcome It") at the Lift conference in 2009, the video of which is sadly no longer available -- but there's at least an abstract here and a longer summary here. His talk was deliberately provocative -- but it seems to me that positing the notion that 'we' have all traded in out-dated expectations of individual privacy for the benefits of smart phones and social media relies on the very Enlightenment ideal of possessive individualism that it claims to supplant. I'm caricaturing his position, but he basically seems to be suggesting that the adoption of these new technological wonders has been an informed and unconstrained choice by individuals who constitute a technological vanguard that gets the benefits of it all, and needs to teach the rest of us how to learn to stop worrying and love the iPhone.

In trying to wrap my head around it all, I'm especially interested to think more about the particular nature of locational privacy. The very notion of 'locational privacy' challenges simplistic assumptions about the public/private distinction which hold them to be separate spheres and places, because it implies that we might have a 'reasonable expectation' of a degree of privacy concerning our movements and activities 'in public'. This issue is addressed to some extent in an interesting piece on Locational Privacy from the Electronic Frontier Foundation.

Meanwhile, for those of you who have iPhones, Alasdair Allan and Pete Warden -- the researchers who initially revealed the tracking of iPhone users -- have developed an open source application called iPhone Tracker, which lets you map the information that your iPhone is recording about your movements.

And using this application, James Bridle has just published what looks to be a beautiful book of maps of his (iPhone's) movements, called Where the F**k Was I?. I love the essay that he's put up on his website about the book, which is very evocative of the invisible infrastructure supporting location-aware media devices that saturates the city.

