Should ISPs adopt Juniper’s add-on, we will be witnessing yet another instance of repugnant ‘innovation’ that ISPs are regularly demonstrating in their efforts to enhance their revenue streams. We have already seen them forcibly redirect customers’ DNS requests to ad-laden pages, provide (ineffective) ‘anti-infringement’ software to shield citizens from threats posed by three-strikes laws, and alter the payload content of data packets for advertising. After touching the payload – and oftentimes being burned by regulators – it seems as though the header is the next point of the packet that is to be modified in the sole interest of the ISPs and to the detriment of customers’ privacy.

Advertisers that have been gathering demographic information on citizens for decades are looking to harness their existing databases with the services offered through Juniper and Feeva to target ads at the neighbourhood level. As noted by a recent Wired article detailing Juniper’s integration;

IP-address detection is only accurate within 25 miles or so, and cookies that track users’ surfing habits don’t tell marketers about users’ location. Neither system meshes directly with all the demographic data marketers gathered about neighborhoods in the offline world…Feeva claims its software doesn’t tell marketers anything about web surfers except for their nine-digit zip codes. All their other personal information remains safe with their ISP.

The information that is included in the packet header is encoded in such a way that only ‘trusted third parties’ can translate the packet data to correlate it with geographical locations. Neither Feeva or Juniper are giving any indication that individuals will be able to opt-out of this information disclosure to third-parties. While one of Feeva’s VPs insists that their approach to advertising is privacy protective – on grounds that they “never see any personally identifying information, we don’t track online usage like behavioral [advertising does], and we only aggregate at the neighborhood level” – I have to question just how ‘protective’ any system is that lets advertisers link cookie information, IP information, and geographic information. Both Feeva and Juniper seem to be portraying the technology as an entirely discrete advertising system, but in reality any partners will likely be using the tried-and-true cookie surveillance practices that are widespread online. Now the data contained in cookies will be supplemented by certified-accurate information by the ISP. Moreover, I’m doubtful that geographic information will be limited to ‘trusted third parties’ forever: while the information might be kept from relatively uninterested attackers, a dedicated attacker/hacker should be able to reverse engineer the random data to geographic information in relatively short order. I trust the masses of curious hackers to defeat any corporate system that is meant to massively integrate with corporate systems than those corporations – who have no real reason, save for market exclusivity reasons, to do everything in their power to prevent the sharing of this information – to genuinely do everything in their power to secure individuals geo-locational privacy.

We should recognize that this kind of ISP ‘innovation’ is exactly the opposite of what most customers actually want. The cool stuff that customers genuinely enjoy on the ‘net has largely been produced by over-the-top services, not ISPs. While there are high returns in the Canadian telecommunications industry and abroad, even in times of recession, the present returns are seemingly insufficient: ISPs want into Google and Apple’s marketing pie and will use their monopoly power over data pipes to take ‘their fair share’. The problem, of course, is that most customers don’t want their ISPs to monetize data traffic beyond selling particular data speeds and capacity. They are happy when ISPs innovate in a manner that improves network efficiency, security, and customer service, but are far from pleased when they integrate packet-sniffing technologies for copyright enforcement purposes, packet modification services for advertising, or onerous packet delay systems.

Moreover, while individuals in a privileged position in society are less likely to be terribly nervous about the association of their geographic location with data packets, anyone who has even glancingly studied the impacts of demographic advertising and targeting realizes that the underprivileged are often disproportionately disadvantaged on the basis of their residency location(s). The underprivileged ‘enjoy’ food deserts, systemic discrimination at the hands of the state (see: Gilliom’s Overseers of the Poor), and limitations on their capacity to operate as fully integrated social participants (see: Curry’s Digital Places: Living with Geographic Information Technologies). In each of the above cases, additional surveillance technologies were not necessarily created with the intentions of harming underprivileged members and communities of societies, but simultaneously the technologies (arguably) lacked a genuine analysis of the responsibilities and potential harms accompanying them. It is critical that before we release new technologies into the wild that we both bake in privacy and reflect on the possible consequences for democratic social organization.

The ability to put something on a map is incredibly powerful. It locates, marginalizes, fixes, and focuses. Humans have gone to war over maps, over the power contained in depicting the world. Visual manifestations of the world-as-such carry philosophical, societal, religious, civil, racial, and ethnic overtones and thus must be treated with respect. While Juniper’s technology only draws on the customer database (and individual’s residence) to provide information to marketers, might this map-to-packet technology become integrated with mobile products in the future? Can the geographic location of a customer on a mobile device be transmitted using this technology to facilitate true proximity-based advertisements?

As concerned citizens and consumers, we should also ask: is the linking of previously separate database records (those of the ISP and those of the advertisement agencies) constitute a breech of the privacy agreements between end-users and their ISPs? Can any ISP unilaterally modify their privacy and business practices – can they extend to whom data is shared and conditions under which data packets are treated – or should they be held to account by the FTC and related national and international regulatory organizations?

Unlike the usage of deep packet inspection technologies, which ostensibly are used for security, billing, and traffic management purposes, the modification of packet headers for advertising purposes clearly falls well outside of the activities that are permitted by Canadian regulators. Attempting to integrate this technology into the Canadian telecommunications infrastructure should, and presumably would, be challenged by the Office of the Privacy Commission of Canada, civil and customer advocates, and the CRTC. Perhaps ISPs might attempt to fend off the CRTC by claiming that no content is inspected – the routers would only be adding a bit of information to the packet header itself – but the companies would presumably run afoul of the CRTC’s obligations to protect consumers’ privacy and the fact that a massive material change to contracting terms would have taken place. This is to say nothing of the absolute resistance to the technology that should be projected by advocates and the federal Privacy Commissioner’s Office.

Perhaps, however, the Canadian regulatory environment is well-enough established following the traffic management hearings that Juniper’s new add-on technologies will be unable to establish a hold amongst Canuck telcos and cablecos. In turning our gaze to the US, however, the FTC might be the best suited to protect consumers by way of enforcing existing privacy policies (and, I will note, that American technology companies such as Microsoft and Yahoo! are worried that FTC might begin doing just this) and preventing ISPs from actually rolling out this anti-privacy, anti-consumer networking technologies. As nations around the world mount regulatory meetings about how data packets can and cannot be handled over the coming months and years we will see whether technology add-in’s like those proposed by Juniper will be left to wither or blossom on the ISP-advertising vine.

Other posts you might be interested in:

1. Privacy Advocates and Deep Packet Inspection: Vendors, ISPs, and Third-Parties
2. Draft – Deep Packet Inspection: Privacy, Mash-ups, and Dignities
3. Deep Packet Inspection and the Confluence of Privacy Regimes

In this post I’m going to first give a brief background on iAd and some of the broader issues surrounding Apple’s deployment of their advertising platform. From there, I want to recap what Steve Jobs stated in a recent interview at the All Things Digital 8 concerning how Apple approaches locational surveillance through their mobile devices and then launch into an analysis of Apple’s recently changed terms of service for iOS4 devices as it relates to collecting, sharing, and retaining records on an iPhone’s geographic location. I’ll finish by noting that Apple may have inadvertently gotten itself into serious trouble as a result of its heavy-handed control of the iAd environment combined with modifying the privacy-related elements of their terms of service: Apple seems to have awoken the German data protection authorities. Hopefully the Germans can bring some transparency to a company regularly cloaked in secrecy.

Apple launched the iAd beta earlier this year and integrates the advertising platform into their mobile environment such that ads are seen within applications, and clicking on ads avoids taking individuals out of the particular applications that the customers are using. iAds can access core iOS4 functionality, including locational information, and can be coded using HTML 5 to provide rich advertising experiences. iAd was only made possible following Apple’s January acquisition of Quattro, a mobile advertising agency. Quattro was purchased after Apple was previously foiled in acquiring AdMob by Google last year (with the FTC recently citing iAd as a contributing reason why the Google transaction was permitted to go through). Ostensibly, the rich advertising from iAds is intended to help developers produce cheap and free applications for Apple’s mobile devices while retaining a long-term, ad-based, revenue stream. Arguably, with Apple taking a 40% cut of all advertising revenue and limiting access to the largest rich-media mobile platform in the world, advertising makes sense for their own bottom line and its just nice that they can ‘help’ developers along the way…

Regardless of the larger economic strategies Apple is involved in, what is key for our purposes is that the iAd system and its partners can utilize the smartphone’s locational awareness to deliver more customized applications. In the pre-iOS4 days, whenever an application wanted to access the GPS or wifi locational APIs users were presented with a very large warning offering notification that the application was trying to use the GPS/wifi. You had the option of touching OK or cancelling the request to the API. It was, as far as I was concerned, one of the best privacy-protective features of the phone.

Steve Jobs, in his most recent appearance at the All Things Digital conference, was asked by Walt Mossberg and Kara Swisher whether or not privacy was looked at differently in Silicon than in the rest of the world. Jobs responded,

We’ve always had a very different view of privacy than some of our colleagues in the Valley. We take privacy extremely seriously. That’s one of the reasons we have the curated apps store. We have rejected a lot of apps that want to take a lot of your personal data and suck it up into the cloud. Privacy means people know what they’re signing up for. In plain English, and repeatedly, that’s what it means. Ask them. Ask them every time. Make them tell you to stop asking if they get tired of your asking them. Let them know precisely what you’re going to do with their data.

Quite bluntly, this was a stellar response and were it being actualized in Apple’s present business practices it would cause the company to be one of the shining stars amongst technology companies looking to secure their customers’ privacy. Unfortunately, with the release of the iOS4 and iAd Apple seems to have significantly departed from the statements made by Jobs just a few weeks earlier. In order to install the most recent version of the mobile operating system on Apple’s devices, users must agree to a 45 page terms of service agreement. Buried within the agreement is the following:

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

While the data is claimed to be ‘anonymous’ one has to ask: how anonymous is a data stream that identifies where a person is regularly browsing the web to be served ads to late at night, in a residential area? I have extreme doubts that it’s going to be particularly challenging to link up geographic information with actual residences, and by extension names of people that can be presumed to be using the phone.

As noted by Daily Tech, while customers can prevent third-parties from collecting locational information there isn’t a similar way of preventing Apple itself from collecting locational data. Apple does not have a clear system that users can use to prevent such data collections, nor has Apple made it clear how often they will be collecting personal information or the full range of internal uses of the information. There is not presently a process in place that would reveal this information to customers or regulators. Further, opting out of third-party surveillance entails customers learning that they are being tracked and then visiting an Apple website and choosing to opt-out using the smart device.  Significantly, “[t]his opt-out applies only to Apple advertising services and does not affect interest-based advertising from other advertising networks.” The ‘granular’ opt-out approach demonstrates that we are against dealing with the worst-practices privacy regime that is prevalent in the US, where customers must track down all of the advertisers collecting personal information and then choose to opt-out to each advertiser. Given Jobs’ earlier comments, we should expect Apple to adopt an opt-in approach to advertising if Apple were to genuinely differentiate themselves from the rest of Silicon Valley in the privacy domain.

As noted earlier, we presently have no real understandings of what exactly will be collected and delivered to third parties – anonymous data sets is unclear, and what is required is a granular depiction of what specific individuals may/will be sharing out to iAd partners and Apple itself. While we presently have no information about what is shared, how long it is retained, and the full range of uses of the data, this might be changing soon. Apple’s rising market share combined with the popular appeal of their products has made them a target for regulators, which arguably has influenced the amount of attention the company has recently received from German authorities. The German Justice Minister stated that “users of iPhones and other GPS devices must be aware of what kind of information about them is being collected.” As part of this, the Minister expects Apple to open its databases to German data protection authorities and clarify its data collection and retention policies. It is possible that the shield of secrecy usually surrounding Apply may be breached by the Germans, and we can hope that other privacy authorities around the world will similarly put pressure on Apple to increase their transparency on the collection, storage, and transference of deeply personal locational information.

It’s important to note that with the recent iOS4 updates there are no longer any notifications when either Apple or a third-party attempts to capture your location for collection and service provision purposes; instead of a clear notice of this change individuals are left to their own devices to find the new settings. If you’re not particularly savvy, or aware of the change (I wasn’t: for several days I was surprised that no location information was been collected or used by the various applications that I use), then you’d have no idea that to modify location settings individuals would have to:

1. Open the ‘Settings’ panel;
2. Open the ‘General’ sub-panel;
3. Open the ‘Location Services’ sub-sub-panel;
4. Modify what applications can access locational data discretely, or locational settings as a whole.

The problem with this new approach is that there are times when I have no issues broadcasting my location to one of these third-parties and other times that I see absolutely no reason to share this information. Without any indication of when my device is having its location data polled I’m entirely unable to know when, for example, the Google Maps application is collecting my location data. Does it do so even when I’m just seeing the distance between two locations on a continent I’m not on? Only when I’m actively trying to sync my location with a Google Map? The same issue – a binary ‘locational tracking is on or off’ option – pervades the entire iOS4. Previously individuals were actually given control over what third-parties could gain access to locational data. The degree of this control, and by extension the ability of individuals to limit the transmission of personal information to third parties, has significantly degraded.

Further, we are forced to ask: has Apple always collected some location data without asking the user’s permission (and just noted this behaviour as happening in their Service Agreement as of now) or is this genuinely a novel practice? Should companies be permitted to massively reshape how they deal with private information, moving from what visually appears as a terrific opt-in system to a woefully inadequate opt-out system, without very clearly communicating the restructuring of company privacy principles and legal extensions of those principles? Burying changes in a 45 page service agreement, and several layers into the operating systems settings, does not constitute such a clear communication.

Advertisers have long-opted for incredibly poor modes of alerting customers of data collection, sharing, and usage. Steve Jobs, and by extension Apple, had previously asserted a set of privacy principles intended to set them ahead of their peers – Apple was to be the guardian of privacy by advocating opt-in privacy practices. Unfortunately, it seems that the hint of advertising dollars has led Apple to cast aside privacy principles in the hopes of making a quick buck at the expense of citizens’ privacy. While not necessarily surprising or even disappointing (Apple is, after all, a publicly traded company that is purely motivated to return profits to their shareholders) the high-profile company’s bait and switch on its privacy principles will hopefully attract regulatory attention and establish more ‘guidance’ so that other companies are less willing to sell out customers on behalf of the balance sheet.

BACKDATE:

It would seem that the co-chairmen of the House Bi-Partisan Privacy Caucus sent a letter to Steve Jobs on June 24th to address Apple’s new locational sharing policies. The letter included the following questions:

1. Which specific Apple products are being used by Apple to collect geographic location data?
2. When did Apple begin collecting this location data, and how often is data collected from a given consumer?
3. Does Apple collect this location data from all consumers using Apple products? If the answer is no, please explain which consumers Apple is collecting information from and the reasons that these consumers were chosen for monitoring.
4. How many consumers are subject to this collection of location data?
5. What internal procedures are in place to ensure that any location data is stored “anonymously in a form that does not personally identify” individual consumers? Please explain in detail why Apple decided to begin collecting location data at this time, and how it intends to use the data.
6. Is Apple sharing consumer location information collected through iPhones and iPads with AT&T or other telecommunications carriers?
7. Who are the unspecified “partners and licensees” with which Apple shares this location data, and what are the terms and conditions of such information sharing?
8. How does this comply with the requirements of Section 222 of the Communications Act, which mandates that no consumer location information be shared without the explicit prior consent of the consumer?
9. Does Apple believe that legal boilerplate in a general information policy, which the consumer must agree to in order to download applications or updates, is fully consistent with the intent of Section 222, and sufficient to inform the consumer that the consumer’s location may be disclosed to other parties?
10. Has Apple or its legal counsel conducted an analysis of this issue? If yes, please provide a copy. If not, why not?

Apple has until July 12 to reply.

Other posts you might be interested in:

1. Solved: Apple SATA II 1.7 Firmware Problems
2. Comment: Apple, encryption, and being uber-lame
3. Review: Apple iPad

Let’s get into some ‘concrete’ examples to engage with this matter. First, I want to point to geo-locating trace route data, the information that identifies the origin of website visitors’ data traffic, to start thinking about mashups and privacy infringements. Second, I’ll briefly point to some of the challenges arising with the meta-coding of the world using Augmented Reality (AR) technologies. The overall aim is not to ‘resolve’ any privacy questions, but to try and reflect on differences between ‘specificity’ of geolocation technology, the implications of specificity, and potential need to establish a new set of privacy norms given the bio-digital fields that we find ourself immersed in.

There are various ways of identifying the geographical origin of data traffic on the ‘net; the rough geolocation of traffic origins is not a newfound phenomena. What is relatively new, however, is the ease by which non-technically minded individuals can ‘track’ the location of their web visitors. For example, I could export the server logs associated with visitor traffic to this website into an XML format and then play with it using the Google Maps API to locate where most visitors are from, or I could rely on a service such as TraceURL (a web shortening service) to create a more general understanding of visitors’ geolocation by seeding the link and a description of its destination across the web. Regardless of which method is used, below is a set of screenshots that show the level of detail that is easily, and freely, gained by such geolocation efforts in just a few minutes (most of the time involved is the creation of accounts).

This information is ‘public’, insofar as individuals move throughout the ‘net and deposit little elements of their geographical location as they pass from link to link. We know this. The question is whether or not associating that information with geographical location in a (relatively) novel visual sense constitutes some sort of a privacy infringement. Does my stripping of other people’s perceptions of digital anonymity mean that I have offended a normative expectation of privacy online? Given that I can identify who these particular individuals are by relying on a mashup of public data sources and applications, am I subsequently responsible for keeping this information away from the public eye? Am I obligated to either encrypt these data sources so that the chance of their being copied as minimal, or purge them, given their potential to reveal who is reading what I write?

We might argue that this is absurd on a few different levels; IP-based geolocation is not perfectly accurate, and in fact can often give you broad rather than specific ideas of where visitors might be. Further, the various data sources that I can access to ‘map’ my visitors is already publicly displayed and accessible through alternate data display environments. More seriously, we might worry locating data traffic could constitute a privacy infringement should I then use that information to target individuals, classifying them based on data points and thus (arguably) stripping them of their situated cultural values. This is the essence of Curry’s worries in his 1999 paper, “Rethinking Privacy in a Geo-Coded World.” He argues that there is a privacy infringement when data is collected and used to geographically differentiate and discriminate against individuals on the basis of mashed up (and sometimes aggregated) private information.

We might argue that mapping visitor on a map, and then combining that with additional third-party sources to predict who the specific visitor is, might not necessarily constitute and infringement on anyone’s privacy if there is ambiguity, inaccuracy (thus the surveillance in not complete) and limited processing of ‘public’ or ‘semi-public’ information. Finally, so long as there is no effort to use this information to subsequently affect the embodied reality of an individual or, perhaps more precisely, manipulate the bio-digital fields they are immersed in, the data subject cannot be seen as ‘affected’ by, or discriminated using, any such mapping. At most, there is an emotive shock or surprise at the capability to map data; shock drawn from the ignorance of technological possibility does not seem to be a convincing reason to radically alter normative understandings of privacy, though it might give rise to democratically oriented normative approaches to technological developments.

Whereas IP-based geotagging, even when combined with other data sources, is likely to be ambigious, how should we understand the ‘tagging’ of people and things using AR technologies? Juniper Networks has identified AR as a ‘boom’ technology, but in the absence of regulatory guidelines we can expect the next few years to be as ‘Wild West’ as the ‘net was in its earliest public days. Accompanying this lack of regulatory oversight is a very real question of privacy with AR; what happens when another person geotags your location, or the location of your (expensive) private property without asking for your consent? What when they add to your own tag’s meta-information to expand it to what you consider ‘personal’ or ‘private’ information?

In the case of AR we seem to be at an exciting moment, but the potential to share personal information about ourselves and others can be significant; telling my friend that I’m going away for vacation is fine, but when I mention it on Twitter (which can locate the precise physical origin of a tweet and associate it with my username) then I’m adding metadata on top of my own world. My bodily existence is, in effect, very immediately penetrated by digital code. Significantly, this code does not share the same (relatively non-mobile) characteristics of information shared in the analogue world; digital code can be mashed-up, displayed on a relatively ‘static’ map or potentially ‘seen’ using an AR program such as TwittaRound (demonstrated below):

Does the ability to ‘mash-up’ data and very specifically locate an individual mean that we need to rethink how individuals conceptualize their privacy, and do we need to establish new norms for what others can do with ‘my’ data, or data related to me? If I tweet ‘home again!’ from the comfort of my apartment, and someone else appends some information to my metadata identifying the value of items in my home, or even creates separate tags while in my home (e.g. snaps a picture of my computer system with a note ‘holy shit that’s expensive!’), what are the norms at play? Should it be treated as the revelation of personal information without consent, and if so should a tort-based system be deployed to remedy inappropriate data disclosures? Does this even make sense – should AR actually become the phenomenal technology that it is expected to be, ought we mould AR to accommodate already existing privacy norms that were developed for other technologies, other modes of revelation, or establish new norms to adjudicate permissive behaviour using these new and highly specific technologies?

I have previously argued that the latter, rather than the former, is the path that needs to be adopted in the face of radically novel technological transformations, that privacy norms generated for the analogue world are unsuitable for the digital; at the minimum, they must undergo a translation if not recreation. Extending beyond that past work, however, I wonder if there is an increasing need to create norms for the bio-digital, for the highly specific intersections of data as imposed on the ‘real’ world? Does the transparency of data and data markers genuinely constitute a ‘new’ problem, or is it simply another instantiation of transparency into the ways that data has always been manipulatable? In the face of the recognition of the ways that data can be used, and the resulting public resistance to such uses, should we restructure the very processes by which we can specifically identify individuals using public data?

I’m not certain what my response to these questions should be, or are. The conservative side of me very definitely wants to say that there isn’t a need for new norms, that we just need to flesh out principles for digital privacy and have them applied across the board to capture individuals, governments, and corporations alike that are implicated in modifying the individual’s bio-digital field. For some reason, a reason I’ve yet to put my finger on, this doesn’t quite sit with me. Perhaps it’s because I see the bio-digital generating new situations for experiencing data and thus demanding a new set of normative expectations to capture these situations’ full scope. Perhaps its because the massive visualization of data seems to lead us to a new era of engaging with the digital. Maybe it’s just because I want to make things harder than they need to be, in an (unconscious) desire to find new places to think through *grin*.

Other posts you might be interested in:

1. Public and Private Digital Space
2. Who the Hell is Digital Privacy About?!?
3. Thoughts: Why do I focus on digital privacy issues?

1. Does the Streetview image-taking process itself, generally, constitute a privacy violation of some sort?
2. Are individuals’ privacy secured by just blurring faces?
3. Is this woman’s privacy being violated/infringed upon in so way as a result of having her photo taken?

Google’s response is, no doubt, that individuals who feel that an image is inappropriate can contact the company and they will take the image offline. The problem is that this puts the onus on individuals, though we  might be willing to affirm that Google recognizes photographic privacy as a social value, insofar as any member of society who sees this as a privacy infringement/violation can also ask Google to remove the image. Still, even in the latter case this ‘outsources’ privacy to the community and is a reactive, rather than a proactive, way to limit privacy invasions (if, in fact, the image above constitutes an ‘invasion’). Regardless of whether we want to see privacy as an individual or social value (or, better, as valuable both for individuals and society) we can perhaps more simply ponder whether blurring the face alone is enough to secure individuals’ privacy. Is anonymization the same as securing privacy?

Of course, discussions of ‘securing’ one’s privacy must gravitate to whether not ‘securing’ or ‘controlling’ one’s personal information is the best means of framing privacy discussions. Such discourse often reaffirms liberal positions that information somehow belongs to individuals and that their personal dignity depends on their controlling or limiting ‘violations of the self’. Given that we are necessarily involved in exchanges of personal data throughout our lives, and that such exchanges are not necessarily infringements on our individualism or personal dignity nor entail entail explicit data sharing relationships, the idea that we can ‘control’ ourselves is questionable at best.

Simultaneously, the attitude that there is no privacy in public seems at odds with how we understand the world we live in – we expect (hope?) to be left alone when intentionally secluded in a large park, and feel annoyed when another person moves close to us when there were other places they could occupy in the park. Similarly, we would feel that something was wrong were someone to follow us everywhere we went in public; we expect a certain degree of privacy (anonymity?) in public, even when we are walking ‘in public’. There is really a certain ‘ick’ reaction when some public images are captured and then widely disseminated online (such as the above Google Streetview picture) – there is an expectation that certain contextual, culturally specific privacy norms  should carry over into ‘public’ spaces. While technology advocates might say that privacy norms are shifting as rapidly as the technologies that are infusing our lives, I would suggest that this position is likely over-emphasized by tech companies. These companies, especially those who espouse to ‘do no evil’, should (ought to?) respect the cultural norms of the countries they are operating in. The challenge, of course, thus becomes “how can we identify cultural norms,” and “can we/should we understand cultural norms are paralleling legal norms?”

Unfortunately I don’t have the time to effectively delve into possible ways of understanding these norms, and I recognize that doing so is challenging at best, but companies that want to avoid doing evil would be well served to realize privacy as a cultural, rather than an engineering, issue.

Other posts you might be interested in:

1. Search and Privacy
2. Online Data Storage and Privacy
3. Privacy Issues Strike Street View (Again)

There are major updates coming to Fire Eagle:

…users will soon be seeing an ActionScript Fire Eagle library and a Mozilla Firefox geo-plugin that locates users via WiFi MAC addresses. Also coming up are new XMPP libraries. (Source)

It’s the focus on the Firefox geo-plugin that I think will be most interesting to watch. Given the Mozilla is currently developing their Fennec browser for mobile environments, it suggests that the Fire Eagle plugin could come to phones and other mobile devices that are Internet-by-WiFi but not GPS or data plan enabled. Using a browser plugin, it should be possible to identify your location on a map simply by being in vicinity to wireless APs, regardless of whether you can actually authenticate to them (similar to how users with iPod Touches can currently roughly locate themselves on Google Maps via WiFi MAC address detection). Below is an image of Mozilla’s beta-version of Fennec.

(Source)

As a person with an iPod Touch, I absolutely adore it’s WiFi location features – I haven’t gotten lost in my new city since purchasing the Touch. At the same time, and as an ardent user of the device, I have to wonder what impacts might be associated with the truly mass deployment of such technologies, how it could integrate with behavioral advertising systems.

Other posts you might be interested in:

1. Update: Geolocation and Mobiles
2. Update: Associating Canadian ISPs with Anonymized Data Traffic Submissions
3. Privacy worry over location data – Solution is from Facebook?

While many people have already written and spoken about Latitude, I’ve found myself on a fence. On the one hand, I think that some of the criticisms towards the ‘privacy’ features of the program have been innane – at least one privacy advocate’s core ‘contribution’ to has been a worry that individuals might be given a phone with Latitude installed and active, without knowing about its presence or activation. As a result, they would be tracked without having consented to the program, or the geo-surveillance.

Forgive me, but this isn’t really a privacy problem that Google needs to address, but rather a User Interface issue for them, and a trust issue between the persons who are exchanging the Latitude-enabled device. While true that you could be given a Latitude-enabled phone by someone, they could also give you a GPS-enabled wristwatch, hire a PI, or do numerous other actions. That Google is providing another tool isn’t really the core issue that privacy advocates actually want to focus on. That said, it’s easier to ‘wage war’ against Google than actually address broader UI issues and consumer education challenges.

At the same time, as someone who worries about privacy issues, I am sympathetic to positions that state, roughly, “Latitude is a concern, not because of the service itself, but because Google isn’t being wholly transparent about data retention, analysis, etc.” (I should note that Google is stating that they only retain the most recent location update. In this way, it at least superficially appears that they are being fairly transparent about Latitude…) Moreover, there is set of a deeper issues with Google’s data retention (that extends beyond Latitude), which include: is data collected by Google on your movements subject to supeona? Can the government sue for it? What does it mean for your data to be housed in locations beyond your jurisdiction? Will this kind of data be subject to data retention requirements by governments? Can a government agency get a court order that will require Google to copy and transfer location data to law enforcement?

Something to note about all of these: They are part of a larger debate on data privacy, data security, data sharing and the role of law enforcement/national intelligence services/private purchase of this data. Latitude is implicated in that debate, but the larger debate needs to be had, not a debate that dominantly focuses on Latitude. Essentially, I’m saying that Latitude shouldn’t distract tremendous resources or time from those larger debates, and I worry that in chasing off after each new technology, rather than technology-classes, advocates run the risk of exhausting themselves without actually addressing their core concerns. What hasn’t been addressed (at least as far as I’ve read), is that the UI for the Latitude program is actually very explicit when it comes to where to adjust your privacy settings – see the image below for just how clear it is.

Google isn’t hiding the fact that people want to adjust their privacy – it’s two ‘clicks’ away from the google maps screen (‘Options’ >> ‘Privacy’). Personally, I think that the best thing that Google could do would be this: when a user first installs Latitude, they are immediately given the option to view Google’s brief privacy video associated with Latitude. The video does a decent job at alerting users to how privacy settings function, and can be viewed below:

Will this video address advocates’ larger concerns? No, it won’t, not really. It will, however, leave the consumer marginally more informed than they would have been if they hadn’t viewed the video. Consumers are more likely to watch a video that’s a few minutes long than read a privacy policy, and will likely only watch this video if it is either put in their face, or they are actively interested in the privacy policies associated with the service. The latter group will find out about Latitude’s privacy settings anyways – it’s the former group that will be best helped by putting the privacy video front and center. If Google were to give their users the option of viewing this video when the program was installed on either a computer of mobile device, I can only imagine that a vast number of the more reasonable privacy advocates would be satisfied. At the very least, Google’s rhetoric of ‘transparency’ would be more substantive, and hopefully advocates would be able to move on to substantively engage with deficiencies in the privacy information that was presented by Google than spin narratives that most consumers will scoff at.

Other posts you might be interested in:

1. Google Analytics, Privacy, and Legalese
2. Fear, Uncertainty, Doubt and Google Corporation
3. Thoughts: Google and ‘Interest Based’ Advertising

With the advent of the iPhone and other easy-to-use smart phones (typically read: not Windows Mobile devices), more and more people are wanting to find where they are using the built in mapping software. Moreover, advertisers are chomping at the bit to provide ads to individuals when they surf the web with their mobiles, personalizing the ads to customers’ interests and proximate geolocation. Unipier’s family of devices opens the door for cellular providers to begin this detailed level of geolocation, and it should be noted that Bell has begun to integrate Unipier devices into their network architecture.

Telecommunications corporations can, theoretically, target individuals if they can effectively leverage their various data objects spaced across databases through sophisticated data mining. The concern that these companies face, of course, is that their customers will be ‘creeped out’ by the association of geolocation and personal interest history, and could thus drive customers away from any telecommunications provider that tries to integrate contextual advertising and subscriber location information.

Over at webmonkey, a web developer blog, they are calling for the integration of geolocation information into mobile browsers ASAP. By integrating this information directly into the browser, it will be possible to avoid the need to create applications that wrap around browsers – instead of opening a separate application, it would be possible to transmit your location while surfing the web. Effectively, by integrating geolocation directly into the mobile browser, programs like Sniff (which can provide a detailed map of a friend’s location in real-time) will be banished. Of course, this would deprive telecommunication corporations the opportunity to haul in cash for relatively simple applications, which suggests (to me, at least) that for ‘privacy reasons’ we’re going to see telecoms try and resist the wholescale integration of geolocation into browsers; I get the feeling that the profit/data use ratio for a ‘sniff’ is far, far greater than that of sending a small packet of data on a data plan.

Other posts you might be interested in:

1. Update: Geolocation and Yahoo!’s Fire Eagle
2. Update: Mobiles and Your Identity
3. Mobiles and Your Identity

* It’s opt-in
* It allows for granular, application level, sharing of information
* It keeps limited historical data – it “keeps only the most recent piece of location information it has received for each of the major levels it understands: Exact Location, Neighborhood, City, State, Country etc. If a new piece of “Exact Location” information comes in, then we throw away the old one.” (Source)
* Yahoo!’s developers anonymize user data, and assert that they will exclusively use it for system statistics as it pertains to updates and improving service (no notes on how data is anonymized, however)
* The privacy statement makes note that users need to read the privacy agreements of the applications that utilize/integrate Fire Eagle
* Yahoo! notes that their partners must consent to terms and services, and a code of conduct, and Yahoo! provides a space for users to complain if they think that a Yahoo! partner is violating their agreements with Yahoo!.

But, but, what about those third parties!?!

A BBC article that talks about this new service (Privacy worry over location data) really identifies the core privacy concern that most advocates seem to have with this service:

The problem for privacy watchers is that privacy policies across the web are all very different and using a service through a third party could raise some real issues.

This is a very, very real concern, but one that I think is misidentified by the popular media. While it’s true that people (such as myself) are concerned about the actual legibility of privacy policies (most are in complicated legalese, and as such effectively meaningless – someone can’t reasonably be expected to consent to a contract that they have no way of understanding), another (perhaps more significant issue) is that when most contracts state that they won’t share information with ‘third parties’ they really don’t clearly identify what a third party is.

Let me unpack that last bit, just a little. Let’s say that you enter into a contract/agree to an EULA with Company Alpha (Company A). Unbeknownst to you, Company A is a subsidiary of Company Big (Company B for short), who is a subsidiary of Core Company (Company C, for short). When you enter into an agreement with Company A, your information can often be passed around the rest of the corporate family without violating the contract that you consented to. Of course, the average consumer has no clue who is a member of a ‘corporate family’, and is still vulnerable to the commonplace divergent understandings of corporate privacy policies in the various subsidiary corporations. Most people are also unaware that this means that their granular data, which is on its own not terrible useful or informative about themselves as users, is drawn together to compose substantial data doubles, and that these doubles are (a) valuable; (b) used to discriminate against consumers without their being aware of the discrimination taking place.

Alleviating third-party worries

I hesitate to say that I necessarily LIKE this way of doing things, just because I’m hesitant about how facebook actually operates. That said, Facebook is releasing a new service (Facebook Connect) where the privacy settings that you establish in the Facebook environment will carry along with you to the other websites that you access. Of course, this means that Facebook will be gathering information on where you go, what you do, and so on. It also means that to enjoy a unified privacy policy that you’ll need to be a member of Facebook – you’ll need to be willing to give a corporation access to your personal data to enjoy something that you really should be able to expect a government to set up for you.

Nevertheless, Facebook’s Connect Platform may offer a way for Facebook users to enjoy a common attitude towards privacy. This is one of the solutions that Lessig notes in Code 2.0, but I remain concerned about the solution for the reasons that I addressed in my MA thesis. Namely:

1. Without federal/state/provincial regulations, violations of a corporate policy lack a clear punitive strategy. Without a monetized penalty, corporations may be less willing to entirely abide by the codes of conduct.
2. It makes it challenging to enjoy a granular privacy policy – I may not want to let Nike know much about me, whereas I’m comfortable telling the local government a great deal.
3. What happens if a particular group chooses not to ‘buy-in’ to the Facebook program for their own, valid, reasonings? Are citizens to become citizen-consumers, where to enjoy their constitutional rights they are limited to the corporate brands that they see as ‘healthy’ to them?
4. Why *shouldn’t* government be the body responsible for setting these kinds of rules and regulations, and developing the IT frameworks to allow all citizens to have consistent privacy frameworks across their browsing experience. I’m not suggesting that citizens would subsequently be required to use the government systems, or that there aren’t inherent challenges with any large body establishing a common privacy level that travels with me across the ‘net, but I’m far more comfortable with a democratically legitimated body doing this than a for-profit corporations who just wants to harvest my personal information.

Ultimately, however, I want to quickly return to Yahoo!’s own stance toward privacy and Fire Eagle. Yahoo! is being reasonably up-front, honest, and genuine with the consumer – they’re doing their job in providing the information that consumers really need to be aware of, in language that is easily accessible. Whether or not people read the privacy policy, the policy isn’t one that is so filled with legalese that it’s non-sensical to the average person. This, in and of itself, is a massive change in how the industry constructs their privacy notices, and is something that reflects well on their division of Yahoo! services.

Technorati Tags: Fire Eagle, Geolocation, Lessig, privacy, Surveillance, Yahoo!

Other posts you might be interested in:

1. Facebook Got Off Easy: Third-Parties and Data Collection
2. Privacy: Available on Facebook for a cost (kinda)
3. Facebook Fights Search Engines Over Copyright