Archive for the ‘Location’ Category

12 Aug 2010

Badges? Badges? We don’t need no stinkin’ badges!

Loyalty discounts, the power of recommendations, serendipitous encounters with friends and colleagues, recognition badges, and stalkers. I think that’s a fair summary of most commentary about the growth of location-enabled services and tools.

Location is just one piece of information that can be generated by most smart phones, but is the most relevant for a marketer eager to deliver precise and context-specific messages to a consumer on the move. It is also a highly useful data point for a social scientist trying to measure the flow of human migration and socioeconomic progress, as in the case of Nathan Eagle’s research in the slums of Kibera, Nairobi, Kenya.

Between June 2008 and June 2009, Eagle and his co-researcher evaluated the calls recorded by mobile phones across Kenya (with all callers’ identification replaced with unique hashed IDs) to focus on calls originating or ending in Kibera. Their research tracked between 53,000 and 74,000 calls a month and a total of 18,000 individual callers during the year.

What did this data reveal about individual mobile phone users? “With each call, we can infer a number of individual characters such as

  • spatial data (by the location of the cell tower that transmitted the call),
  • economic data (the average length of each call, the amount of pre-paid minutes an individual has put on their phone, the type of phone),
  • an individual’s regional or tribal affiliation, and
  • a radius of migration for groups of individuals (by the distance between locations of cell towers calls have been made from).”

A first indication from this research is that Kenyans only live in the Kibera slum for a mean of 1.559 months. This high rate of movement and population turnover “supports the theory that slums act as a filter as opposed to a sink where there is a large amount of flux within the slum population.”

Amy Wesolowski, Nathan Eagle, Parameterizing the Dynamics of Slums

Eagle’s work in Kenya is an extension of a research project originally conducted at MIT, where 100 students were provided with mobile phones for 265 days. The mobile phones were equipped with custom survey software that recorded data and prompted the students with questions when certain conditions were met.

How much data?

“From the studies, we gathered 370 megabytes of raw data, including short recordings from 667 calls, 56,000 movements, 10,000 activations of the phone, 560,000 interaction events with our applications, 29,000 records of nearby devices, and 5,000 instant messages.”

Thankfully, from a privacy advocate’s point of view, the researchers also had to struggle with (a limited number of) weak points in their data sets – instances when the participants didn’t bring their phone with them, consciously turned the phone off, or simply ignored it. I would like to think that some of this reflected a conscious effort to mediate information collection, but it was probably just fatigue or forgetfulness.

There was one significant distinction between the two projects: the active involvement and acknowledgement of the participants. In Cambridge, the participating students were walked through the information collection process, provided with details about the information that would be collected, and required to complete a consent form(.pdf).

M. Raento, A. Oulasvirta, N. Eagle, “Smartphones: An Emerging Tool for Social Scientists“, Sociological Methods Research 37:3, 426-454.

This is an important point when it comes to the collection of location data, especially when it is associated with other personal information: individuals want to know what is happening with their information, and would like some element of control over its use.

A recent and exhaustive examination of the 89 then-available location-sharing services (really, who can keep track?) by researchers from Carnegie Mellon University noted that “the willingness to share one’s location and the level of detail shared depends highly on who is requesting this information (or knowing who is requesting this information), and the social context of the request.”

Supplemental interviews confirmed that potential users had particular scenarios in mind when evaluating the benefits and risks of these services: scenarios that would best be addressed with more detailed privacy controls, rules and conditions (explained in detail in the paper):

  • Blacklists
  • Friends Only rules
  • Granularity of controls
  • Group-based rules
  • Invisible status
  • Location-based rules
  • Network permissions
  • Per request permission
  • Time-based rules
  • Time-expiring approval, or
  • No restrictions

Janice Y. Tsai, Patrick Gage Kelley, Lorrie Faith Cranor, Norman Sadeh, Location-Sharing Technologies: Privacy Risks and Controls

Obviously, there are significant gaps in how personal privacy is protected when information is collected and analyzed in a large scale research project, a smaller experiment and within the context of online commercial services.

6 Aug 2010

Something new between us and our Calvins

In a move to monitor inventory in its stores, Wal-Mart will launch an item-level Radio Frequency Identification (RFID) inventory tracking program starting August 1st, 2010.  In its first phase, the system will track individual pairs of jeans, socks and underwear.  The items will be tagged with removable RFID tags that can be read from a distance using hand-held scanners so employees will know what sizes are missing from shelves and what is in the stock room, all in a matter of seconds.  If the program is successful, it will be rolled out at Wal-Mart’s more than 3750 U.S. stores with more products.

The upside of RFID systems have been well-documented –they help retailers better control their inventory and cut costs for consumers,  create efficiencies in our health care system, increase customer convenience (enter the smart coffee mug), and save valuable time for consumers (let’s face it, the ability to push a shopping cart through an RFID reader that instantly calculates your grocery bill without removing a single item from the cart sounds down-right heavenly!).

RFID systems also continue to be rolled out new contexts: we have written about privacy issues surrounding the use of RFID in the workplace, Northern Arizona University is using their RFID enabled student cards to track student lecture attendance,  transportation systems use RFID to monitor traffic flow, our passports are being equipped with RFID chips and our pets are tracked and monitored via RFID implants.

While these systems can be really useful and save us time and money, they also raise some serious privacy concerns.  While the RFID tags in the Wal-Mart example are removable, not all RFID tags are (some are as small as a speck of dust and are virtually invisible).  RFID tags can be tracked and hacked, may not be easy to turn off and can be read at a distance, potentially allowing tags to be read outside the original system for purposes limited only by human ingenuity.

As the tags get cheaper and the size of the tags gets smaller, extending the reach and uses for such systems will likely evolve too. Perhaps most concerning is that RFID systems have the potential to track individuals and could do so without their knowledge or consent.  As a recent article notes:

“Location-aware apps are scary enough, based on GPS with the broad range they offer. But for the most part you still have to sign up for those. RFID is being implemented all around you…it can track infants to senior citizens with Alzheimer’s. In between it can track your clothes, your purchases, your car – even you. RFID is on the verge of tracking us all, cradle to the grave.”

As we and others in a number of jurisdictions continue to wrestle with questions about RFID and privacy, the evolving application of RFID systems serve to highlight the fascinating convergence of emerging technologies and human creativity.

21 Jul 2010

Location, location, location

Do you know how your location information is used?  A recent survey commissioned by security company, Webroot, asked 1,645 social network users in the U.S. and UK who own location-enabled mobile devices about their use of location-based tools and services.  The survey found that 39 percent of respondents reported using geo-location on their mobile devices and more than half (55 percent) of those users are worried about their loss of privacy. 

A few notable concerns over security and privacy: 49 percent of women (versus 32 percent of men) were highly concerned about letting a would-be stalker know where they are and nearly half (45 percent) are very concerned about letting potential burglars know when they’re away from home (a very real risk outlined nicely by

The growing popularity of geo-location tools and services (including offerings by industry giants such as Twitter, Apple, Facebook and Google) means that location information is being collected on a colossal scale and the real and potential uses for this information are just starting to work themselves out – from iPhone photos tagged with GPS coordinates to location-based gaming platforms such as Scvngr that enable mobile users to create their own location-based games.

This increase in the collection and use of location information can also pose unique risks for users.  The survey summary notes that a surprising number of respondents engaged in behaviors such as sharing location information with people other than friends that could put them, and their private information, at risk.  A blogger recently wrote about her experience with location sharing gone wrong and Foursquare was recently blasted for unintentional data leakage via their popular location-based service. 

As we note in our recent submission to Industry Canada’s Digital Economy Consultation, good privacy practices can support innovation by reinforcing confidence in users that they have the right to control their personal information and that the technology they use is secure.  With location information, the usual privacy concerns abound and with each cool, new service that hits the market. How to communicate these risks to consumers is something that occupies a great deal of our time.  Dealing with the privacy concerns of location information during the design phase for new services would help businesses avoid expensive (both financial and reputational) after-the-fact privacy fixes and might even provide those privacy-friendly businesses with a significant competitive advantage

26 Apr 2010

Incorporating privacy into design – A friendly message to the open data community

Here in Ottawa, a group of like-minded citizens held an open data hackfest last weekend, meant to show off cool apps designed by local developers using public municipal data.

The event shone a spotlight on some really innovative tools and highlighted the benefit to citizens that open data can bring.

But what about the privacy risks inherent in, say, an app that helps you locate the nearest bus stop?

Such an application might rely on GPS capabilities to pinpoint your location. It might also aggregate your data, in order to provide you with better options based on your travel habits. But why should a developer assume that the user would want to repeatedly share their location over time? From the user’s point of view, is providing that information – and potentially other pieces of personal information – to a developer I don’t know for a purpose (or purposes) I’m unclear about – worth trading for some intel on where I can catch the next bus downtown?

And if you want to continue down that path, what about crowdsourcing and the collection of aggregated (but not personal) data? There would be obvious benefits to using both in creating something like a traffic monitoring app, but what about the potential risks to privacy when someone begins to combine crowdsourced and aggregated data with personal information like IP addresses or data culled from a database elsewhere?

But it’s not that these apps are fundamentally flawed – anyone who’s ever been lost in an unfamiliar neighbourhood or city can appreciate the value in a Google Maps mash-up on your iPhone.

But – as a developer – why assume that the user wants to share multiple pieces of information? Why not ask first? Or provide options for users to protect their privacy, like Google Latitude which allows you to delete selected waypoints?

The rise of location-based tracking represents a new frontier for consumer privacy, which is why it’s one of a number of topics we’re examining during our 2010 Consumer Privacy Consultations. We’ll be webcasting the first session taking place in Toronto this Thursday, April 29. You can also follow the discussion on Twitter – we’re at @PrivacyPrivee and anything related to this consultation will be tagged with #priv2010.

6 Apr 2010

Virtual graffiti

The intersection of geolocational apps and social media has produced…virtual graffiti.

At several American universities, students with cellphones are tagging campus landmarks with comments and labels using location-aware apps like Foursquare. Some universities have found ways to teach through tagging:

“At North Carolina State University, meanwhile, a new library service shows smartphone users historical pictures of campus buildings based on where users are standing, including a snapshot of the first freshman class, from 1890, when the agricultural college’s hot mobile technology was horses.”

And students have found, er, innovative ways to tag spots around campus – one of the deans at the University as at Dallas discovered his office had been tagged in Foursquare with the comment “Watch out for lame jokes!”

The ability to virtually tag places, things and people isn’t new, but it does create challenges when it comes to managing our identities online – who owns that material? Foursquare? The tagger? The person tagged? Right now, the responsibility is in the hands of the tagged – for instance, look at the care university students take in reviewing, and untagging when necessary, photos of themselves that get posted to Facebook after a particularly spectacular weekend.

Is this likely to change? Probably not – online as in offline, we should all know what face we’re putting forward.

26 Mar 2010

Locational services and cool data visualizations

Earlier this month, a rich subset of social media users and technology evangelists descended upon Austin, Texas for the annual SxSW interactive conference. Some see SxSW (South by SouthWest) as an early indicator of developing technology trends. Twitter, the popular microblogging service, broke out as a popular consumer application at the conference two years ago.

This year, the dominant trend seems to be locational services. The video embedded below was produced by a company called SimpleGeo: it uses a data visualization tool to demonstrate how attendees, performers and regular old Austinites were using various consumer locational services during the conference.
Obviously, there are many people who find these services useful, either to meet up with friends, create the opportunity to meet new friends, or simply brag about getting into the most exclusive parties and shows.

As an Office, we are interested in how information from these locational services might be integrated into larger efforts to collect and aggregate data about consumers’ behaviour and preferences.

We also like really cool data visualizations.

19 Feb 2010

Where you are also tells us where you aren’t

The combination of microblogging services like Twitter and location-aware social networking games on your mobile device like Foursquare is like the Red Bull and vodka of the internet – it’s one big party until your great-aunt’s end table is smashed.

Twitter, of course, enables its users to post short 140-character messages. Social networking games like Foursquare encourage players to post their precise location information in order to gain points – the more locations you “check in”, the more points you gain. These “check-ins” can also be automatically posted to a player’s Twitter or Facebook account.

A couple of Dutch developers have created a site called PleaseRobMe to point out the dangers of posting so much information on your whereabouts.

Don’t get us wrong, we love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications….  The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home.

The creators of PleaseRobMe point out that users could be putting others around them at risk as well. Foursquare players, for example might also be posting location information for places they frequent…like the homes of friends and family.

The site – which took developers four hours to build – is a witty little reminder to consider the possible repurcussions of what we post online.

28 Jan 2010

Geo what?? Canadians weigh in on location privacy

A recent research report titled Research Related to Privacy and the Use of Geospatial Information explores Canadian’s awareness of the uses of location (or geospatial) data and their concerns about privacy when it comes to sharing their location-linked personal information.

The research examined Canadian’s concerns with the privacy of their personal information generally, level of comfort with sharing location-linked personal information, level of awareness and use of location-tracking devices such as Global Positioning Systems (GPS) and use and comfort level with online mapping tools.

This report was commissioned by Natural Resources Canada through its GeoConnections initiative.  A couple of highlights

It was confirmed that respondents had a very low general understanding of what “geospatial data” is and struggled when trying to define terms such as “location-based information” or “location-based personal information”.

The study found that generally speaking, respondents are concerned about the privacy of their personal information (with over 80% stating they are “concerned” or “very concerned”).

When it comes to sharing location-linked personal information, control over the information being shared and the overall purpose for sharing the information were the two key drivers of comfort.  Respondents felt most comfortable if they have a high degree of control over the sharing of their information and the reason for sharing their location-linked personal information was related to a public good such as enhanced public safety or improved health care.

And what made Canadians uncomfortable?  Canadians became uncomfortable when they had no control over the sharing of their location-linked personal information and when their location-linked personal information was being used for economic reasons or targeted marketing.

There was support for the role of Government in the regulation of geospatial information.  For example, with regard to individual’s real-time movements, over 68% of respondents thought it was important for the Government of Canada to regulate the collection and sharing of location-linked personal information.  The majority of respondents (74%) thought it was important for the Government of Canada to regulate images of private residences appearing on internet mapping tools.

Who do Canadians trust with their location-linked personal information?  Level of trust was highest for medical institutions (58%) followed by federal and provincial governments (46%).  Interestingly, trust levels for federal and provincial governments were somewhat higher than for municipal government (35%) – proponents of the smart grid may have a bit of work to do.

And who was trusted least?  Social networking sites (6%), which is curious considering the sheer volume of personal information we voluntary give up to these sites (including increasing amounts of location-linked personal information).

It is notable that this research was completed just prior to Google’s Streetview going live in Canada.  With the launch of Streetview and the ever growing availability of new, innovative and useful location-based services such as friend finders, local search and restaurant recommenders, it will be interesting to see whether geospatial information evolves into a top-of-mind privacy issue for Canadians.