The controversy about location privacy is heating up: we know because they are talking about it in congressional hearings, so we can expect all sorts of ‘intertubes’ nonsense coming from that.
- Alexander Howard, Congress hears testimony on location-based services and online privacy
“Location-based applications and services are springing up each day like wildfire,” said Rep. Bobby Rush (D-Ill.), chair of the Subcommittee on Commerce, Trade and Consumer Protection, after the joint hearing with the Subcommittee on Communications, Technology and the Internet. “Yesterday, there was Facebook, and in the not-too-distance future we will be encountering something more akin to a ‘Placebook.’”
I bet we will be hearing about ‘Placebook’ for a long time.
Others are weighing in:
- Marshall Kirkpatrick, Location Data Sensitive Like Medical Information, Says Congressional Witness
“The writing is on the wall that there will be baseline privacy legislation introduced,” said John Morris, general counsel for the Center for Democracy and Technology at a Congressional hearing on location data and privacy yesterday. “It will require location be treated as sensitive data, like medical data. You’ll need to do more than just post a disclosure statement.”
We’re entering an era of location as platform, but should that location data be as fundamentally private by default as medical information is?
Many users are concerned about their location being exposed in ways they don’t control, and that have adverse impacts on their safety and freedom. That’s one side of the debate. These concerns could cause the development of location-based services to backfire, argues the Center for Democracy and Technology’s Erica Newland in a blog post today:Location privacy is a timely issue here at the dawn of the location-enabled Web: ensuring that location information is subject to neither commercial nor government misuse - but is instead transmitted and accessed in a privacy-protective way - is essential to the long-term success of location-based applications and services. Beyond the risks to individualsʼ privacy, the present lack of privacy protection also creates market risks for the very companies seeking to capitalize on location services.
That’s well put, but does location data need to be default private like medical information in order to prevent misuse, and to support an economy of innovation? Some people believe that it is the culture of sharing by default that makes location-based services what they are.
As writer Kit O’Connell said in our Google Buzz chat on this topic: “people will never treat location like medical data, because they are so willing to give it up to the world in so many cases. It becomes an issue of surveillance vs. sousveillance.” Sousveillance is outward-facing surveillance. Location-based social networks offer not just a way for us to be seen, but a way for us to see what the rest of the world around us is doing. Checking in to a location is interesting not just so other people know you’re there, but so you can see who else you know has been there as well and what they said about it.
I don’t think location is anything like medical information. For example, if you are walking down 2nd Ave in NYC, and I am passing by and see you, I have access to your location information by the nature of shared public space. There are no protections offered by our laws or the strictures of polite society that would stop me from ‘accessing’ that information: it is a part of the physical universe, and the laws we have for governing the concealment of identity. You can’t walk around in NYC with a mask on your face, for example.
And a person can take a picture of you on 2nd Ave, and publish it. Protected by our laws.
Or you can have a webcam pointing out your window on 2nd ave, and broadcast whoever is walking by.
Backing up on the various legal precendents for these rights of free expression is probably something I should do, but not today. Nonetheless, that is the state of the world in the US today.
At the same time, it would be illegal (and rude) to walk up to you on 2nd Ave and draw a blood sample without your permission, and even more illegal to post the results on the web. We have protection against that, already.
And it is not illegal to note that you left your apartment at 4am with a strange blonde: the paparazzi make their living on this.
So whatever we do about location has to sit in the context of what is currently protected and what cannot be, in practice.
The deeper questions I have aren’t about location privacy, which is predicated on the idea that anything that might possibly be kept private should be private unless explictly made public. I am interested in location publicy: how can we structure our social tools so that location can be shared by default, but with social scale built in. This is a circles of trust approach, as I advocated in this recent post and again in this one.
These ideas are like the difference between copyright law (where any use of material aside from short excerpts must be explictly requested, or else it is illegal to use) and creative commons (where authors can state at the outset what sorts of use are acceptable, so requests don’t have to be made to legally use such material).
But publicy starts from the premise that people want to share information about themselves — for example, their location — so that they and their contacts can benefit from it. The benefits in this context are generally what Matt Biddulph at Dopplr calls ‘coincidensity’: the likelihood of bumping into friends is increased.
Something like creative commons for location — a location commons — has to emerge, so that individuals can state exactly how their location can be used. But this can’t be accomplished by simple privacy-based on/off settings, like a Do Not Call list. It should be based on a rich social model, allowing us to assert what degree of location specificity we want to share with which degrees of connection in our social networks.