Archive for the ‘Location’ Category

21 Nov 2012

Employee privacy – a balancing act

Companies are always seeking ways to improve productivity.  The most innovative and successful methods can create some positive buzz around a company.

Other approaches can sometimes be ill-advised, premature or ineffective, and this can make waves within an organization.

Last month, a law firm in Toronto was the subject of some media interest over its highly controversial plan to use fingerprint-scanning technology to monitor the comings and goings of its administrative staff. The plan was meant to ensure that staff were not “abusing the system” with lengthy lunch breaks and short work days. Media reports and blog posts zeroed in on the privacy implications of such a plan.

Our Office wouldn’t have oversight over this specific employment matter – we only have oversight into matters of employee privacy in federal works, undertakings, or businesses (lovingly referred to as “FWUBs”). Otherwise, employee privacy is largely a provincial matter, with several provinces having passed privacy legislation that applies to personal information of private sector employees. It’s unfortunate that there is little redress for employees in those provinces that do not have legislation in place, this being one such case in point.

An employer’s need for information should be balanced with an employee’s right to privacy. While employers may be focused on increasing productivity, they should seek to ensure that they weigh the benefits of any potentially privacy-invasive plans against the costs — and not just economic  costs.  Cost considerations should include potential impact on staff morale, loss of trust and loss of human dignity.

Law firms, in particular, could set a model example in how they handle personal information when managing their law practice. In Girao v. Zarek Taylor Grossman Hanrahan LLP, Hon. Justice Richard Mosley wrote,

““Law firms providing advice to clients who deal with the personal information of their customers must be knowledgeable about privacy law and the risks of disclosure. Lawyers also have a public duty to protect the integrity of the legal process. The failure of lawyers to take measures to protect personal information in their possession may justify a higher award than that which would be imposed on others who are less informed about such matter.”

While the Federal Court was referring to the personal information of clients rather than employees in those circumstances, it’s still a significant message about the high standards of conduct judges expect lawyers to live up to.

We hope law firms will take the opportunity to consult our privacy guidance for lawyers. And we hope organizations will take advantage of the other resources we have on dealing with workplace privacy issues, including our fact sheet for human resources professionals.


29 Mar 2011

Insights on Privacy – Adam Greenfield and Aza Raskin

On April 20th, 2011, our Office is holding the third Insights on Privacy armchair discussion. We heard in February about what motivates us to reveal or conceal details of our personal lives, and how we protect the private lives of others around us.

To complement this talk, we’ve invited tech innovators Adam Greenfield (@agpublic) and Aza Raskin (@azaaza) to explore opportunities for privacy in the design of intimate devices, like smart phones, that we share our lives with every day, to the sensor-rich landscape that’s upon us. We’ll discuss opportunities for companies to empower individuals with greater choice and control over how their data are used and for greater collaboration within and across industry sectors.

In his 2006 book Everyware, Adam Greenfield argued that we were headed for a world in which keeping the boundaries between different roles in our lives was going to prove untenable. That notion is coming to pass with the current debate over the public/private divide and the blurring of our various roles and reputations online. Adam was Nokia‘s head of design direction for user interface and services from 2008 to 2010 and Lead Information Architect at Razorfish Tokyo. His current projects through Urbanscale focus on improving how users experience technology, such as stored-value cards for public transit and many other “smart-city” initiatives.

Aza Raskin’s passion for improving the way we experience technology recently had him heading up user experience for Mozilla, developer of the popular Firefox browser, where he rethought and simplified conventional approaches to privacy policies. Raskin left Mozilla in late 2010 to launch the start-up Massive Health, with the goal of helping people improve control of their health through innovatively designed technology and the ways we interact with it.

The video of this event will be made available after the event, as we did for the December 10, 2010 event with Jesse Hirsh and Chris Soghoian and for the February 28, 2011 event with Christena Nippert-Eng and Alessandro Acquisti.

Space is limited and is available on a first-come, first-served basis. Please RSVP before April 15, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Wednesday, April 20, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2nd Floor, Salon Vanier/Stanley


9 Mar 2011

A creepy app

While there are always advance warnings about the potential privacy risks of emerging technologies, it usually takes a “killer app” for people to take notice of the real dangers. For geotagging, that app is the rather aptly named creepy.

Photo geotagging — the embedding of geographical location information within digital photos — is becoming increasingly common as a side effect of regulation by the US Federal Communications Commission.  By September 11, 2012, American mobile wireless service providers are required to provide precise location data to improve 911 emergency service. To meet this directive, more and more mobile phones sold in North America now have built-in GPS chips.

Often times, the embedding is automatic. If consumers take a picture with their GPS-enabled phone and haven’t specifically disabled geotagging, the coordinates where the photograph was taken become a digital record contained within the picture file. If enough of these location-tagged photographs are taken and uploaded to on-line sharing services, the aggregated GPS information can indicate a pattern of behaviour. If your picture gallery also contains a self-portrait, it becomes possible for strangers to track you down in person.

Creepy can harvest data from a dozen of the most popular photo hosts, including flickr, twitpic and yfrog, then illustrate any found location data with Google Maps. The result is a visual cluster of your usual whereabouts: your favourite park, your place of employment, or your home.

Have you checked your mobile’s camera settings for mention of geotagging or EXIF data embedding? If not, now is a good time to familiarize yourself with the configuration screen. Consider turning those “features” off, unless you have reason to do otherwise.

12 Aug 2010

Badges? Badges? We don’t need no stinkin’ badges!

Loyalty discounts, the power of recommendations, serendipitous encounters with friends and colleagues, recognition badges, and stalkers. I think that’s a fair summary of most commentary about the growth of location-enabled services and tools.

Location is just one piece of information that can be generated by most smart phones, but is the most relevant for a marketer eager to deliver precise and context-specific messages to a consumer on the move. It is also a highly useful data point for a social scientist trying to measure the flow of human migration and socioeconomic progress, as in the case of Nathan Eagle’s research in the slums of Kibera, Nairobi, Kenya.

Between June 2008 and June 2009, Eagle and his co-researcher evaluated the calls recorded by mobile phones across Kenya (with all callers’ identification replaced with unique hashed IDs) to focus on calls originating or ending in Kibera. Their research tracked between 53,000 and 74,000 calls a month and a total of 18,000 individual callers during the year.

What did this data reveal about individual mobile phone users? “With each call, we can infer a number of individual characters such as

  • spatial data (by the location of the cell tower that transmitted the call),
  • economic data (the average length of each call, the amount of pre-paid minutes an individual has put on their phone, the type of phone),
  • an individual’s regional or tribal affiliation, and
  • a radius of migration for groups of individuals (by the distance between locations of cell towers calls have been made from).”

A first indication from this research is that Kenyans only live in the Kibera slum for a mean of 1.559 months. This high rate of movement and population turnover “supports the theory that slums act as a filter as opposed to a sink where there is a large amount of flux within the slum population.”

Amy Wesolowski, Nathan Eagle, Parameterizing the Dynamics of Slums

Eagle’s work in Kenya is an extension of a research project originally conducted at MIT, where 100 students were provided with mobile phones for 265 days. The mobile phones were equipped with custom survey software that recorded data and prompted the students with questions when certain conditions were met.

How much data?

“From the studies, we gathered 370 megabytes of raw data, including short recordings from 667 calls, 56,000 movements, 10,000 activations of the phone, 560,000 interaction events with our applications, 29,000 records of nearby devices, and 5,000 instant messages.”

Thankfully, from a privacy advocate’s point of view, the researchers also had to struggle with (a limited number of) weak points in their data sets – instances when the participants didn’t bring their phone with them, consciously turned the phone off, or simply ignored it. I would like to think that some of this reflected a conscious effort to mediate information collection, but it was probably just fatigue or forgetfulness.

There was one significant distinction between the two projects: the active involvement and acknowledgement of the participants. In Cambridge, the participating students were walked through the information collection process, provided with details about the information that would be collected, and required to complete a consent form(.pdf).

M. Raento, A. Oulasvirta, N. Eagle, “Smartphones: An Emerging Tool for Social Scientists“, Sociological Methods Research 37:3, 426-454.

This is an important point when it comes to the collection of location data, especially when it is associated with other personal information: individuals want to know what is happening with their information, and would like some element of control over its use.

A recent and exhaustive examination of the 89 then-available location-sharing services (really, who can keep track?) by researchers from Carnegie Mellon University noted that “the willingness to share one’s location and the level of detail shared depends highly on who is requesting this information (or knowing who is requesting this information), and the social context of the request.”

Supplemental interviews confirmed that potential users had particular scenarios in mind when evaluating the benefits and risks of these services: scenarios that would best be addressed with more detailed privacy controls, rules and conditions (explained in detail in the paper):

  • Blacklists
  • Friends Only rules
  • Granularity of controls
  • Group-based rules
  • Invisible status
  • Location-based rules
  • Network permissions
  • Per request permission
  • Time-based rules
  • Time-expiring approval, or
  • No restrictions

Janice Y. Tsai, Patrick Gage Kelley, Lorrie Faith Cranor, Norman Sadeh, Location-Sharing Technologies: Privacy Risks and Controls

Obviously, there are significant gaps in how personal privacy is protected when information is collected and analyzed in a large scale research project, a smaller experiment and within the context of online commercial services.

6 Aug 2010

Something new between us and our Calvins

In a move to monitor inventory in its stores, Wal-Mart will launch an item-level Radio Frequency Identification (RFID) inventory tracking program starting August 1st, 2010.  In its first phase, the system will track individual pairs of jeans, socks and underwear.  The items will be tagged with removable RFID tags that can be read from a distance using hand-held scanners so employees will know what sizes are missing from shelves and what is in the stock room, all in a matter of seconds.  If the program is successful, it will be rolled out at Wal-Mart’s more than 3750 U.S. stores with more products.

The upside of RFID systems have been well-documented –they help retailers better control their inventory and cut costs for consumers,  create efficiencies in our health care system, increase customer convenience (enter the smart coffee mug), and save valuable time for consumers (let’s face it, the ability to push a shopping cart through an RFID reader that instantly calculates your grocery bill without removing a single item from the cart sounds down-right heavenly!).

RFID systems also continue to be rolled out new contexts: we have written about privacy issues surrounding the use of RFID in the workplace, Northern Arizona University is using their RFID enabled student cards to track student lecture attendance,  transportation systems use RFID to monitor traffic flow, our passports are being equipped with RFID chips and our pets are tracked and monitored via RFID implants.

While these systems can be really useful and save us time and money, they also raise some serious privacy concerns.  While the RFID tags in the Wal-Mart example are removable, not all RFID tags are (some are as small as a speck of dust and are virtually invisible).  RFID tags can be tracked and hacked, may not be easy to turn off and can be read at a distance, potentially allowing tags to be read outside the original system for purposes limited only by human ingenuity.

As the tags get cheaper and the size of the tags gets smaller, extending the reach and uses for such systems will likely evolve too. Perhaps most concerning is that RFID systems have the potential to track individuals and could do so without their knowledge or consent.  As a recent article notes:

“Location-aware apps are scary enough, based on GPS with the broad range they offer. But for the most part you still have to sign up for those. RFID is being implemented all around you…it can track infants to senior citizens with Alzheimer’s. In between it can track your clothes, your purchases, your car – even you. RFID is on the verge of tracking us all, cradle to the grave.”

As we and others in a number of jurisdictions continue to wrestle with questions about RFID and privacy, the evolving application of RFID systems serve to highlight the fascinating convergence of emerging technologies and human creativity.

21 Jul 2010

Location, location, location

Do you know how your location information is used?  A recent survey commissioned by security company, Webroot, asked 1,645 social network users in the U.S. and UK who own location-enabled mobile devices about their use of location-based tools and services.  The survey found that 39 percent of respondents reported using geo-location on their mobile devices and more than half (55 percent) of those users are worried about their loss of privacy. 

A few notable concerns over security and privacy: 49 percent of women (versus 32 percent of men) were highly concerned about letting a would-be stalker know where they are and nearly half (45 percent) are very concerned about letting potential burglars know when they’re away from home (a very real risk outlined nicely by

The growing popularity of geo-location tools and services (including offerings by industry giants such as Twitter, Apple, Facebook and Google) means that location information is being collected on a colossal scale and the real and potential uses for this information are just starting to work themselves out – from iPhone photos tagged with GPS coordinates to location-based gaming platforms such as Scvngr that enable mobile users to create their own location-based games.

This increase in the collection and use of location information can also pose unique risks for users.  The survey summary notes that a surprising number of respondents engaged in behaviors such as sharing location information with people other than friends that could put them, and their private information, at risk.  A blogger recently wrote about her experience with location sharing gone wrong and Foursquare was recently blasted for unintentional data leakage via their popular location-based service. 

As we note in our recent submission to Industry Canada’s Digital Economy Consultation, good privacy practices can support innovation by reinforcing confidence in users that they have the right to control their personal information and that the technology they use is secure.  With location information, the usual privacy concerns abound and with each cool, new service that hits the market. How to communicate these risks to consumers is something that occupies a great deal of our time.  Dealing with the privacy concerns of location information during the design phase for new services would help businesses avoid expensive (both financial and reputational) after-the-fact privacy fixes and might even provide those privacy-friendly businesses with a significant competitive advantage

26 Apr 2010

Incorporating privacy into design – A friendly message to the open data community

Here in Ottawa, a group of like-minded citizens held an open data hackfest last weekend, meant to show off cool apps designed by local developers using public municipal data.

The event shone a spotlight on some really innovative tools and highlighted the benefit to citizens that open data can bring.

But what about the privacy risks inherent in, say, an app that helps you locate the nearest bus stop?

Such an application might rely on GPS capabilities to pinpoint your location. It might also aggregate your data, in order to provide you with better options based on your travel habits. But why should a developer assume that the user would want to repeatedly share their location over time? From the user’s point of view, is providing that information – and potentially other pieces of personal information – to a developer I don’t know for a purpose (or purposes) I’m unclear about – worth trading for some intel on where I can catch the next bus downtown?

And if you want to continue down that path, what about crowdsourcing and the collection of aggregated (but not personal) data? There would be obvious benefits to using both in creating something like a traffic monitoring app, but what about the potential risks to privacy when someone begins to combine crowdsourced and aggregated data with personal information like IP addresses or data culled from a database elsewhere?

But it’s not that these apps are fundamentally flawed – anyone who’s ever been lost in an unfamiliar neighbourhood or city can appreciate the value in a Google Maps mash-up on your iPhone.

But – as a developer – why assume that the user wants to share multiple pieces of information? Why not ask first? Or provide options for users to protect their privacy, like Google Latitude which allows you to delete selected waypoints?

The rise of location-based tracking represents a new frontier for consumer privacy, which is why it’s one of a number of topics we’re examining during our 2010 Consumer Privacy Consultations. We’ll be webcasting the first session taking place in Toronto this Thursday, April 29. You can also follow the discussion on Twitter – we’re at @PrivacyPrivee and anything related to this consultation will be tagged with #priv2010.

6 Apr 2010

Virtual graffiti

The intersection of geolocational apps and social media has produced…virtual graffiti.

At several American universities, students with cellphones are tagging campus landmarks with comments and labels using location-aware apps like Foursquare. Some universities have found ways to teach through tagging:

“At North Carolina State University, meanwhile, a new library service shows smartphone users historical pictures of campus buildings based on where users are standing, including a snapshot of the first freshman class, from 1890, when the agricultural college’s hot mobile technology was horses.”

And students have found, er, innovative ways to tag spots around campus – one of the deans at the University as at Dallas discovered his office had been tagged in Foursquare with the comment “Watch out for lame jokes!”

The ability to virtually tag places, things and people isn’t new, but it does create challenges when it comes to managing our identities online – who owns that material? Foursquare? The tagger? The person tagged? Right now, the responsibility is in the hands of the tagged – for instance, look at the care university students take in reviewing, and untagging when necessary, photos of themselves that get posted to Facebook after a particularly spectacular weekend.

Is this likely to change? Probably not – online as in offline, we should all know what face we’re putting forward.

26 Mar 2010

Locational services and cool data visualizations

Earlier this month, a rich subset of social media users and technology evangelists descended upon Austin, Texas for the annual SxSW interactive conference. Some see SxSW (South by SouthWest) as an early indicator of developing technology trends. Twitter, the popular microblogging service, broke out as a popular consumer application at the conference two years ago.

This year, the dominant trend seems to be locational services. The video embedded below was produced by a company called SimpleGeo: it uses a data visualization tool to demonstrate how attendees, performers and regular old Austinites were using various consumer locational services during the conference.
Obviously, there are many people who find these services useful, either to meet up with friends, create the opportunity to meet new friends, or simply brag about getting into the most exclusive parties and shows.

As an Office, we are interested in how information from these locational services might be integrated into larger efforts to collect and aggregate data about consumers’ behaviour and preferences.

We also like really cool data visualizations.

19 Feb 2010

Where you are also tells us where you aren’t

The combination of microblogging services like Twitter and location-aware social networking games on your mobile device like Foursquare is like the Red Bull and vodka of the internet – it’s one big party until your great-aunt’s end table is smashed.

Twitter, of course, enables its users to post short 140-character messages. Social networking games like Foursquare encourage players to post their precise location information in order to gain points – the more locations you “check in”, the more points you gain. These “check-ins” can also be automatically posted to a player’s Twitter or Facebook account.

A couple of Dutch developers have created a site called PleaseRobMe to point out the dangers of posting so much information on your whereabouts.

Don’t get us wrong, we love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications….  The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home.

The creators of PleaseRobMe point out that users could be putting others around them at risk as well. Foursquare players, for example might also be posting location information for places they frequent…like the homes of friends and family.

The site – which took developers four hours to build – is a witty little reminder to consider the possible repurcussions of what we post online.