Do Not Track!

Jun 2012 | No Comment

GEORGE CHO

One wonders now whether geospatial technologies have exposed privacy, and whether this exposure has given rise to an unrealistic expectation of privacy protection

George Cho

Faculty of Applied Science

Honorary Member of JSPRS

University of Canberra, Canberra, AUSTRALIA

There is a saying that “it takes a thief to catch a thief”. This is because to know the modus operandi of a presumptive thief is to know when, where and how that person operates. What better way than to put a ‘tag’ that will follow every movement of that person to gather evidence in order to implicate that person. Hiding a global positioning system (GPS) on a person’s vehicle is one means of collecting information with a view to later prosecution of the driver of the vehicle where a criminal act is committed. Simple logic, one might think. But all that is not what it seems because every person has rights not only of a personal and private nature but also over one’s property. In the U.S. it seems that law enforcement agencies cannot use GPS equipment planted on vehicles to gather information from suspects without a credible and probable cause of criminal activity and without a court warrant. In the recent case of United States v. Jones 132 S. Ct. 945 (2012) at the U.S. Supreme Court, all nine Supreme Court Justices agreed that Jones was searched when police attached a GPS device to the undercarriage of his car and tracked his movements for four weeks. The act of attaching the device was a violation of Jones’s rights to his property and effects. The monitoring of Jones was a violation of his reasonable expectation of privacy. And, the Fourth Amendment provides significant other guarantees.

In general, these rights and the checks and balances in the system of justice in the U.S. such as the rights to privacy, are ensconced in the Bill of Rights. The concept of ‘zones’ of privacy, rights against property intrusion such as trespass are guaranteed under the Fourth Amendment of the U.S. Constitution. This article is a brief commentary on the evolving legal issues pertaining to privacy and its loss through overt and covert surveillance with the use of geospatial technologies.

Do Not Track

Do Not Track (DNT) and the proposed U.S. Act of the same name, is a mechanism for protecting online privacy that specifically addresses the challenge of pervasive online behavioural tracking (see ElectronicFrontierFoundation.org) especially those employed by behavioural advertisers (see WorldPrivacyForum.org) that use sophisticated tracking technologies. Do Not Track is unique in that it combines both technology (a signal transmitted from a user) as well as a policy framework as to how companies that receive the signal should respond. Some countries, such as Australia, have legislation to prevent cold calling by telemarketers in a Do Not Call (DNC) database that users can register with (www.donotcall.gov.au). The Do Not Call Register is a secure database where one can list an Australian phone number to opt out of receiving most telemarketing calls and marketing faxes. Arguably, DNT and DNC facilities are there to enhance privacy and to protect property against unauthorised intrusion. The case of United States v Jones (2012) suggests that in the physical world coupled with the geospatial technologies there may be some protection of sorts. But we need to understand the law and the technology to appreciate the nuances properly.

Global Positioning Systems

The use of GPS for tracking, navigation and location has blossomed to become a leading technology that, perversely, has created potential privacy leakages. The provision of coordinates and technological developments have gone hand in glove with other tools, such as facial recognition, biometrics and street cameras to make it a safer environment for everyone. But the digital revolution and use of powerful sensor devices now seem to have exhausted all rights to privacy of the individual. Ironically, some of these are officially sanctioned, as in the case of closed circuit television (CCTV) in Britain. CCTV poses both ethical and legal questions and it may be the price one pays for living in a digital age where a digital trail of data is left behind everywhere one ventures. This may be sousveillance par excellence — the “watchful vigilance from underneath” [derived from the French sous, meaning “below” as opposed to surveillance meaning from “above”]. In sousveillance subjects are aware that their movements are being tagged and observed and their spatial movements over time have been recorded for security purposes.

How Google managed to get all your private data and got away with it

By David Streitfeld and Kevin J. O’brien
Secrets spilled across the computer screen. After months of negotiation, Johannes Caspar, a German data protection offi cial, forced Google to show him exactly what its Street View cars had been collecting from potentially millions of his fellow citizens. Snippets of e-mails, photographs, passwords, chat messages, postings on websites and social networks – all sorts of private Internet communication – were casually scooped up as the specially-equipped cars photographed the world’s streets. “It was one of the biggest violations of data protection laws that we had ever seen,” Caspar recently recalled about that long-sought viewing in late 2010. “We were very angry.”
Google might be one of the coolest and smartest companies of this or any era, but it also upsets a lot of people – competitors who argue it wields its tremendous weight unfairly, offi cials like Caspar who says it ignores local laws, privacy advocates who think it takes too much from its users. Just this week, European antitrust regulators gave the company an ultimatum to change its search business or face legal consequences. American regulators may not be far behind. The high-stakes anti-trust assault, which will play out this summer behind closed doors in Brussels, might be the beginning of a tough time for Google.
But never count Google out. It is superb at getting out of trouble. Just ask Caspar or any of his counterparts around the world who tried to hold Google accountable for what one of them, the Australian communication minister Stephen Conroy, called “probably the single greatest breach in the history of privacy”. The secret Street View data collection led to inquiries in at least a dozen countries, including four in the US alone. But Google is yet to give an explanation of why the data was collected and who at the company knew about it. No regulator in the US has ever seen the information that Google’s cars gathered from the citizens.
The tale of how Google escaped a full accounting for Street View illustrates not only how technology companies have outstripped the regulators, but also their complicated relationship with their adoring customers. Companies like Google, Amazon, Facebook and Apple supply new ways of communication, learning, entertainment and high-tech wizardry for the masses. They have custody of the raw material of hundreds of millions of lives – the intimate e-mails, the revealing photographs, searches for help or love or escape. People willingly, at times eagerly, surrender this information.
But there is a price: the loss of control, or even knowledge, of where that personal information is going and how it is being reshaped into an online identity that may resemble the real you or may not. Privacy laws and wiretapping statutes are of little guidance, because they have not kept pace with the lightning speed of technological progress.
http://www.nytimes.com

Privacy

Privacy has often been discussed and its interpretation is varied. Privacy is both a concept and a right and is a broad area of law that offers protection to one’s confidences and private information. Privacy is a fundamental human right and is the very basis of human dignity and values, freedom of association and freedom of speech. Such rights are protected by the Universal Declaration of Human Rights (UDHR) (1948) and the International Covenant on Civil and Political Rights (ICCPR) 1976. Nearly every country has a right to privacy in its Constitution with protections against intrusions in one’s home, the confidentiality of communications and specific rights to access and control of one’s personal information. Where such rights are not provided in a Constitution, courts have found a means of giving protection.

Canadian courts have recognised a general right to privacy and the protection of privacy interests under the rubric of nuisance law. The tort of invasion of privacy has been recognised in the New Zealand Bill of Rights Act 1990. In India protection is available under common law for an actionable wrong for the invasion of privacy. Privacy also has deep roots among the major religions of the world. A right to privacy is recognised in the Qur’an, to references in the Bible and in Jewish law. But, there is no universal definition for privacy, and its definition varies according to the context and usage. The concept of privacy may also differ between cultures and legal traditions. The Australian Constitution, for example, has no vested powers over privacy protection, while the common law protects privacy rights indirectly. The European Convention for the Protection of Human Rights and Fundamental Freedoms 1950 (ECHR) guarantees a right to respect of a person’s private and family life, home and correspondence and that no public authority has the right to interfere with this right except in accordance with the law and as necessary in a democratic society in the interests of national security, public safety or economic well-being of the country.

However, the relevant legislations across jurisdictions render the concept unclear and its application variable. It seems that there are no clear enforcement mechanisms and there are many potential issues, including constitutional difficulties. In addition, there are divergent views regarding its interpretation and meaning. This is no more so than highlighted in the case of United States v Jones (2012) and related cases citing the Fourth Amendment.

US cases change emphasis from an expectation of privacy to an intrusion to property

In the U.S. the Fourth Amendment refers to: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” (U.S. Constitution Amend. IV).

In the case of Katz v United States 389 U.S. 347 (1967) the Court held that police officers violated the Fourth Amendment when they conducted a warrantless search using a listening and recording device placed on the outside of a public phone booth to eavesdrop on the conversation of a suspect who had ‘justifiably relied’ upon an expectation of privacy of the phone booth. Similarly, in Kyllo v United States 533 U.S. 27 (2001) the Court decided that a suspect had a reasonable expectation of privacy in his home when the police, suspecting him of growing marijuana, used a thermal imaging device without a warrant to detect the heat emanating from it. In contrast in United States v Ciraolo 476 U.S. 207 (1986) the Court held that there was no reasonable expectation of privacy in his 10-foot-high fenced-in back yard after the police looked into it without a warrant from an airplane to see if he was growing marijuana.

However, in United States v Knotts 460 U.S. 276 (1983) police officers placed a beeper in a container that was in the defendant’s car and maintained visual surveillance with the help of a monitor to receive the beeper signals. The Court held that the officers’ actions did not constitute a search or seizure and that there was no legitimate expectation of privacy as the monitoring of the defendant was along public highways and other areas visible to the naked eye. In United States v Karo 468 U.S. 705 (1984) the placement of a beeper with the consent of the owner of a container of drugs that was sold to the defendant and tracked and later used as evidence to prosecute a drug offence produced an ambivalent decision in the courts. The Court found that there was no reasonable expectation of privacy protection in the use of the beeper but that monitoring the beeper in a private residence not open to visual surveillance violated the Fourth Amendment.

The ruling in the case of United States v Jones (2012) has changed the emphasis of the Fourth Amendment such that whereas in the case of Katz v United States (1976) and following cases the ruling hinged on an expectation of privacy to the present where the instant decision is propertybased. That is, an intrusion of one’s property and effects, a trespass no less.

While such developments in the law in the U.S. are instructive as each ruling is fact and case sensitive, there have been developments elsewhere to go hand in hand with the evolution of information technology. There might be inter-generational differences in what and how people reveal information about themselves. “Gen Y” it seems happily and voluntarily surrender their private information in exchange for friendship, followers and social networking. People of the Gen-Y age readily share their lives through new social media such as Twitter, Facebook and Foursquare, in contrast with the more conservative ‘baby-boomers’ of the sixties. Social networks challenge the very fabric of what is ‘private’ and what is secret and confidential. But sometimes, technology might also lure us into complacency where privacy is revealed both advertently and inadvertently which makes it difficult to identify, protect and to police. Ironically, and on reflection, a lot of our loss of privacy to the public domain is entirely consensual. The social media of Twitter, Facebook and Foursquare could become the very tools of the modern burglar.

Modern mobile phones and in-build GPS devices in motor vehicles provide geolocation information automatically. Sometimes, one forgets as happened in the case of the presenter of the television series Mythbusters Adam Savage. He took a photograph of his vehicle using a smartphone and posted the image on a Twitter account with the phrase “Off to work”. The image contained metadata which revealed the exact geographic location of the photograph, the make of the vehicle and the time he left for work (see New York Times http://nyti.ms/917hRh).

There are thus competing interests in the use of geospatial technology that suggests a dire need for a balance to be struck between law enforcement on the one hand and the protection of privacy and property on the other. While GPSs may help law enforcement become more effective and efficient in detecting criminal activities with preventative measures there may be no need to engage in high speed chases which endanger the lives of the public, the police and the suspect. With GPS surveillance becomes affordable with the simultaneous monitoring in more places and over greater distances. The GPS may provide more ‘eyes’ than is ever possible and may not offend any legislative provision such as an expectation of privacy as observations are in the public arena. The use of technology is simply a matter of efficiency.

The advantages of using GPs technology outlined above need to be balanced against the unacceptable costs its use. One ‘social’ cost that is unacceptably high is where the device discloses activities that are indisputably private in nature such as a trip to the plastic surgeon, the abortion clinic, AIDS treatment centre, strip club, union meeting, mosque, synagogue or church. While these locations may be public one might not be present to explain the reasons for being at these locations when the data are harvested and mined for geoanalytical purposes. One’s patterns of professional and vocational pursuits could be misinterpreted with various undertones of guilt by association. The ability of law enforcement agencies to obtain such comprehensive and detailed information of one’s movements suggests Big Brother secretly monitoring movements in time and space through a small device such as a mobile phone or the car. Pervasive monitoring that is prolonged and continuous can be both burdensome and intrusive.

The view therefore is that if there is available technology it should be used for good or to adopt the Google mantra of ‘don’t be evil’ – namely follow the law, acting honourably and treat each other with respect. If there is a need for a warrant, as dictated by local laws, then unless it were an emergency, it is not a big burden to take a few minutes to apply for judicial approval before using such revealing technology. Technology has the potential to interfere with privacy interests but legislation provides the baseline for protection.

Conclusion

Information technology reduces the ability of an individual to control information pertaining to that person, and it is this aspect of individual privacy that is placed at risk by high powered computers and informatics. Cloud computing and linked networked personal information reveals a rich vein of data to be mined for many purposes. This linked information seems to be a particular problem of protecting privacy in an age of automated data processing and analytics. The technology has the capacity to expand and expedite the analysis of personal data and create connections not otherwise perceived – it is the ‘new’ problem for privacy in its wider modern conception.

One wonders now whether geospatial technologies have exposed privacy, and whether this exposure has given rise to an unrealistic expectation of privacy protection. It may be that privacy has been poorly understood – involving emotional and mass fear and uncertainty so that calm reflection and contemplation has not taken place. In the Web 2.0 generation, where things happen by mass action, the solutions are embedded in technical and social standards and not solely in legal avenues. The law might be lagging behind all these dynamic changes. One might ask whether privacy in a public place is a contradiction in terms. GPS devices might be protect property and enhance privacy but it does so in the cyberspace commons.