Geolocation: Necessity and Pseudonymity

FROM THE LECTURE SERIES: The Surveillance State: Big Data, Freedom, and You

By Paul Rosenzweig, The George Washington University Law School

Geolocation is a tracking phenomenon which identifies where a person is physically. GPS interacts with satellites that orbit the Earth and reports locations accurate to within about 3 meters, or 10 feet. How is this geolocation data collected? Can people choose to not share their location to protect their privacy?

Almost all smartphone cameras geotag the photos they take. (Image: Who is Danny/Shutterstock)

EXIF Data

If you take pictures using your smartphone, you’re creating location data about yourself. Your camera stores a bunch of data about every picture you take. It records the aperture, shutter speed, ISO speed, camera mode, focal distance, and sometimes even more than that. All of this is stored in the EXIF data, an extra piece of information attached to every picture file your camera creates. It’s called the Exchangeable Image File.

EXIF data has been around since the early days of digital photography. Today, one thing that the photo puts in the EXIF is your geolocation. Almost all smartphone cameras geotag the photos they take. And once you’ve put the picture up on any photo collection program, it’s a simple process to download the photo, select its properties, and find the EXIF data for the picture.

Rapid Information Overlay Technology

However, some of us advertise the same information. We run around formally tagging our location and checking in at various places. If you use an app like Foursquare or Swarm, you’re purposefully broadcasting where you are.

And it’s pretty easy to accumulate that data, and use it to draw a picture of an individual’s activities. For example, Raytheon has developed something it calls the Rapid Information Overlay Technology, or RIOT. RIOT uses only publicly available data from social media programs like Instagram, Facebook, Foursquare, and Koala. With that information, you can draw a detailed picture of a person based on where he goes.

Raytheon understands the power of this sort of analytic tool, and the peril. That’s why it describes the RIOT tool as privacy-protective.

This is a transcript from the video series The Surveillance State: Big Data, Freedom, and You. Watch it now, on Wondrium.

Partial Masking, or Pseudonymity

One of the common tools that systems integrators often use as a means of ameliorating privacy and civil liberties concerns is the tool of partial masking, or pseudonymity.

By scrubbing linked data of personally identifiable information, but still making it capable of being correlated and analyzed, you can create a process that is thought to be more robust in protecting privacy. The data that is scrubbed of identity markers is linked together in patterns. Only when those patterns meet some threshold of concern—and, typically, when some third-party or supervisor verifies that the threshold has been exceeded—only then is the anonymity of the data removed and identifying information added back in.

In this way, large volumes of innocent collateral data can be collected and sifted in an automated fashion, without—it is said—threats to privacy. Of course, to rely on that system you have to trust the process.
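
The masking process described above can be sketched in code. This is an added example, not part of the original lecture and not any vendor's implementation: identities are replaced by keyed pseudonyms, records are still correlated by pseudonym, and the identity is restored only when a threshold is met and a supervisor approves. The class name, the threshold rule (number of distinct locations) and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

class PseudonymizedStore:
    """Hypothetical store: analysts see pseudonyms, never identities."""

    def __init__(self, key: bytes, threshold: int):
        self._key = key                  # whoever holds this key can undo the masking
        self._escrow = {}                # pseudonym -> identity, kept apart from analysts
        self.threshold = threshold       # assumed rule: distinct locations needed to flag
        self.visits = defaultdict(set)   # pseudonym -> locations seen

    def pseudonym(self, identity: str) -> str:
        # Keyed hash: stable, so records correlate, but not reversible without the key.
        digest = hmac.new(self._key, identity.encode(), hashlib.sha256)
        return digest.hexdigest()[:16]

    def ingest(self, identity: str, location: str) -> str:
        p = self.pseudonym(identity)
        self._escrow[p] = identity
        self.visits[p].add(location)
        return p                         # only the pseudonym leaves this method

    def flagged(self) -> list:
        """Pseudonyms whose pattern meets the threshold of concern."""
        return sorted(p for p, locs in self.visits.items()
                      if len(locs) >= self.threshold)

    def reidentify(self, pseudonym: str, supervisor_approved: bool) -> str:
        """Add identity back only past the threshold and with third-party sign-off."""
        if not supervisor_approved:
            raise PermissionError("supervisor has not verified the threshold")
        if pseudonym not in self.flagged():
            raise PermissionError("pattern does not meet the threshold")
        return self._escrow[pseudonym]

def demo():
    # Constructed sample records: (identity, location)
    store = PseudonymizedStore(key=b"constructed-demo-key", threshold=3)
    for who, where in [("alice", "A"), ("alice", "B"), ("alice", "C"), ("bob", "A")]:
        store.ingest(who, where)
    return store
```

The key and the escrow table are the points of trust: anyone with access to either can reverse the masking without going through `reidentify`.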

Why Is Geolocation Important?

You can turn off the identifying information, and still use your camera and Instagram account. The geotag is not an essential function. But what about when it is essential?

Geolocation is essential to navigation functions such as Google maps. (Image: Nareert Mudngern/Shutterstock)

Geolocation is essential to navigation functions such as Google maps, for example. That’s the type of functionality you can’t really turn off and still navigate. And, so, the only way to avoid exposing your location data is not to use that function at all.

But some other geolocation functions are, for all intents and purposes, an essential component of modern-day life. When that happens, then the sort of surveillance that in other contexts might seem only a bit creepy can begin to become pretty scary, and even downright authoritarian.

Cell Phones and Geolocation

Think, for example, about your cell phone—not all of the super-sophisticated location apps that you could do without, but rather think of the phone itself, and the voice and text communications that are probably at the core of your personal mobility and your personal connectivity. These features also allow us to know exactly where you are all the time.

Your cell phone is constantly reporting your location to the nearest cell towers. (Image: GaudiLab/Shutterstock)

You see, your cell phone is constantly reporting your location to the nearest cell towers. That’s how the telephone system knows where you are so it can connect a call to you.

The phone company keeps those records of where your cell phone is, or was. That means that they know where you are right now, and also where you’ve been.

Now, maybe you’re not worried about what your phone company knows. But what if they sell it to some commercial advertiser? Or, what if the government issues a subpoena and collects all those records about you?

The Fourth Amendment and Geolocation Data

The issue is highly contentious, but the law says that the Fourth Amendment does not protect information you share with a third party. So, when you voluntarily broadcast your location to the cell phone company or Facebook, that means that there’s no constitutional rule that prevents them from giving the information to the government.

This kind of implied consent has a very forced feel to it. We can’t turn the geolocation part of the cell phone off—at least not if we want our cell phones to work. And we can’t really quit society. Our consent is, in effect, coerced.

That’s why a few courts around the country are starting to take a different view and extending the law governing warrants to cover cell tower records. They’re saying that, in the absence of a warrant based on probable cause, the government can’t secure these historical records.

We need, as a society, to choose how much—or little—access we want to give the government to geolocation data.

Common Questions about Geolocation: Necessity and Pseudonymity

Q: What is EXIF data?

The EXIF data is an extra piece of information attached to every picture file your camera creates. It records the aperture, shutter speed, ISO speed, camera mode, focal distance, and your geolocation.

Q: What is RIOT?

Raytheon has developed something it calls the Rapid Information Overlay Technology, or RIOT. RIOT uses only publicly available data from social media programs like Instagram, Facebook, Foursquare, and Koala. Raytheon describes the RIOT tool as privacy-protective.

Q: What is partial masking?

Partial masking scrubs linked data of personally identifiable information, but still makes it capable of being correlated and analysed. This helps create a process that is thought to be more robust in protecting privacy.
