Managing public location data

I am an active user of geolocation data on my smartphone. I take public transport, both at home, and on my travels. My GPS must be active for my transit app, which I use heavily, to update me on my bus schedules and routes. I also like to tag my location on Facebook; I’ve found this to be very useful when I’m on holidays, as it allows me to accurately label the names and locations of museums, galleries, and so forth when I upload my digital images to my cloud server. I use Google Maps frequently to find walking routes to various locations, even if these routes are sometimes overly circuitous. I am aware of the privacy concerns that people have about this type of tracking data, but I must admit that convenience and functionality win the argument for me.

This article by Fareena Sultan and Syagnik Banerjee discusses how marketers can use and manage geolocation data. Proximity marketing is one of these uses: stores deploy beacons that send Bluetooth alerts to subscribed customers to push products. Geo-fencing extends this further by creating a zone around a business to push alerts to the mobile devices of subscribers. I don’t subscribe to these types of services, as this is rather more information than I am willing to share, and also because I practice minimalism and thus am careful to avoid impulse buying.

Vigilant Marketing Intelligence is another use of geolocation data: As an example, if I post a picture on Instagram of a meal I’ve eaten at a restaurant and include the restaurant’s name, I may receive a private response from that restaurant, or a public post, and my post may be shared by that restaurant. I may be invited by that restaurant to participate in a survey, post a review, and so forth. This is an area I need to monitor, given what I have said above about tagging my location in Facebook. I do like to support restaurants that have vegan options, which is why I tag food at times, but I must admit that I’m not always comfortable with the resharing of this content, so I’m being more vigilant about when I do this.

The authors discuss the privacy implications of collecting geolocation data: It’s important to understand that this type of increased monitoring warrants a corresponding increased attention to privacy needs. Once a customer chooses to participate in a social media sharing system, attention has to be dedicated to securing data storage and providing the user access to information that has been collected by brands and processed on their behalf. The article provides some useful advice on how companies can protect customer privacy, and how they should communicate with their customers.

Opening your doors to strangers


In its continued push to change the face of the retail market, Amazon has introduced the Amazon Key service for Prime members. As a Prime member, get your Amazon packages securely delivered just inside your front door. Plus, grant access to the people you trust, like your family, friends, dog walker, or house cleaner – no more leaving a key under the mat. The Amazon Key In-Home Kit includes an Amazon Cloud Cam (Key Edition) indoor security camera and a compatible smart lock. Below is a listing of some of the features:

  • Real-time notifications. We’ll send notifications the morning of delivery, just before, and right after. Watch your delivery happening live or view a video clip of it later.
  • Give family and friends temporary, recurring, or permanent access. Or provide one-time access for your electrician or dog walker. You’re in control—just schedule the date and time window.
  • Check in on your front door 24/7. The Amazon Key In-Home Kit includes an Amazon Cloud Cam (Key Edition) indoor security camera with 1080p Full HD, night vision, and more—plus an Amazon Key-compatible smart lock for secure access control.

The starting price is $249.99 USD, depending on location. This service is not yet available in Canada.

I have been an Amazon Prime member for a few years now, mostly because of the unlimited free cloud storage for my digital images, and for the free two-day delivery (sometimes) for items that are marked as “Prime.” The Amazon Prime video streaming service is thrown in but, to be honest, its offerings are limited in number and, more importantly, in quality.

Two-day express delivery is a lovely concept, but its value can become rather moot when you are never home to receive the packages. I can send smaller packages to my office, but since I take public transit, I am limited by what I can carry. My usual route is to have the packages delivered to my local post office. I can certainly see the attraction in having Amazon deliver my packages to my home while I’m not there, but the privacy and security considerations are high. For people like me who live in condominiums, this service likely won’t work very well if bylaws don’t allow people to install security cameras outside front doors of individual units.

I have been willing to sacrifice a degree of privacy for the convenience of online shopping for several years; I’m not sure, however, that Amazon Key is a line I am willing to cross. How will Amazon store all the data captured by the cameras? How much information would be gathered about other aspects of people’s lives via the camera, such as the faces and ages of their children, visitors, friends, family members, and so forth? There is a four-hour delivery window, which means your camera will be active for at least that long. Does the camera continue to transmit data to Amazon all day? You can check on the camera 24 hours a day, so does this mean that Amazon receives this information as well? Do I want Amazon to know my daily habits, such as when I go out, what time I return home, and so forth? I am sure that Amazon is laying the groundwork for automated ground delivery. So many questions to ponder. I think it’s worth the five-minute walk to the post office: The exercise will do me good, as will the peace of mind.



Privacy and the monetization of data

In this article, David Rabb discusses the various privacy implications of the monetization of data. Rabb focuses specifically on Personally Identifiable Information (PII) that companies can obtain about people through cookies, IP addresses, GPS, and so forth. Companies have often touted the anonymity of cookies but, as Rabb points out, there are many ways to tie cookies to known individuals, a process that often includes “consent” consumers don’t know they’ve granted. Other theoretically anonymous identifiers such as device IDs and IP addresses can also often be connected to PII. And research has shown that even less specific information, such as a collection of taxi trips or a combination of birthdate [sic] and Zip code, are [sic] often enough to identify specific individuals.

I don’t think that most internet users are naive enough to think that companies don’t have their PII but, as Rabb points out, customers may broadly assume your company knows everything about them but they can still be surprised at the data presented in specific situations – especially if that data is wrong.

Information managers face the increasingly complex task of maintaining the security of PII, ensuring this information is accurate, using only the personal information needed for a specific task, and ensuring that the privacy rights of customers are respected.

The revelatory nature of telephone metadata

A study was conducted at Stanford University to examine the impact on privacy of the National Security Agency’s nationwide collection of bulk telephone metadata. The study found that telephone metadata is densely interconnected, can trivially be reidentified, enables automated location and relationship inferences, and can be used to determine highly sensitive traits.

The authors conclude that more broadly, this project emphasizes the need for scientifically rigorous surveillance regulation. Much of the law and policy that we explored in this research was informed by assumption and conventional wisdom, not quantitative analysis. To strike an appropriate balance between national security and civil liberties, future policymaking must be informed by input from the relevant sciences.

How 5 Digital Assistants Use Your Data

This article provides useful and sobering information about how the digital assistants Siri, Cortana, Amazon Alexa, Facebook M, and Google Now use your data. The article highlights the privacy and security features of these digital assistants; for example: By using Siri, Apple adds, you agree to allow Apple and its subsidiaries and agents to transmit, collect, maintain, process, and use your voice input and user data. Amazon Alexa saves your voice recordings, but you can erase them via your personal settings. As we move increasingly in the direction of voice-activated applications such as search and voice-to-text, we need to consider carefully the new personal metadata footprints and trails that we generate.

Fitness tracker privacy and security

A report on fitness tracker activity has just been published by Open Effect, a Canadian not-for-profit applied research organization focusing on digital privacy and security, and The Citizen Lab at the Munk School of Global Affairs, University of Toronto. The scope of this report is as follows:

Every Step You Fake explores what information is collected by the companies which develop and sell some of the most popular wearables in North America. Moreover, it explores whether there are differences between the information that is collected by the devices and what companies say they collect, and what they subsequently provide to consumers when compelled to disclose all the personal information that companies hold about residents of Canada.

The report does not contain any conclusions or specific recommendations yet, so this is obviously very preliminary at this point. Some points raised, however, include:

  • Seven of the eight wearables tested revealed unique Bluetooth identifiers that allowed them to be tracked by nearby Bluetooth beacons. Beacons are used more and more in stores and malls to profile shoppers and push tailored offers.
  • While the devices themselves show the wearers’ location, the accompanying apps provide more personal information, e.g., they failed to protect against interception and tampering when they were transmitting data between smartphone, wearable, and the wearable company’s own servers.

I have worn a fitness tracker for some years now, and I tend to not have my Bluetooth device active on my smartphone when I am away from home. I sync my wearable device when I am at home. I’m not sure how much protection this affords me. The default setting on my Bluetooth is to not make the device visible to anyone other than me, but I’m not sure if this is sufficient. I minimize the information I load to my tracker; I don’t include what I’ve eaten, or track my sleep, so at least I do control how much of my personal information is tracked. Still, this report does raise a few red flags, even as preliminary as it may be.


Microsoft Cortana’s email features

The title of this article is telling: Microsoft’s Cortana to spy on email to keep you on track. The article discusses Cortana’s “helpful” features that can scan your email and recognize language indicating a commitment and use this information to create reminders. If, for example, you send a message to your boss stating, “I will send you the project by 4:00 p.m.,” Cortana will set an alert so you don’t forget. Now, I’m all about keeping myself organized, but isn’t this what keeping calendars is all about? When I have an event or task, I schedule it in my calendar, and a reminder is sent to me. Do I really need or, more importantly, want, Cortana to scan my emails to send me reminders? No mention is made in the article about where this information is stored. Is Microsoft tracking any of this data? I don’t think that I’m a particularly paranoid person, but this feature does raise a few alarm bells with regard to privacy.

Rogers, Telus await landmark ruling on cellphone privacy

According to today’s Globe and Mail, an Ontario court is set to issue what could be a landmark ruling on a Charter of Rights challenge filed by two of Canada’s biggest wireless carriers over “tower dump” production orders that would have required the companies to turn over personal information of about 40,000 customers.

Since I’m a Rogers wireless customer, it’s comforting to know that these companies challenged a 2014 production order. Peel Regional Police had obtained production orders requiring the two companies to provide communication records related to 21 cellular towers or sites. Rogers and Telus argued that complying with the order would have resulted in the disclosure of customer name and address information for more than 9,000 Telus subscribers and more than 30,000 Rogers subscribers.

Rogers: We want to ensure our customers’ privacy rights are protected and there are clear ground rules for what law enforcement is able to request and access… [our] policy is only to share customer information when required by law or in emergency situations. This case did not meet the test for us and we are hopeful the court agrees. As am I.

Vuvuzela messaging systems

The much despised (by me, at least) Vuvuzela is being put to interesting use by a group of researchers at MIT. This article discusses techniques that are being developed to hide metadata that is normally included in email and messaging systems. As we know, metadata can give away a lot of information about the parties involved in the exchange, even if the content of the messages cannot be accessed. This new messaging system creates a lot of noise to bury the metadata, e.g.:

  • Messages are stored on a server rather than sent directly to their recipients.
  • The messages are released only in delayed rounds and not when each user requests them.
  • The system generates a large amount of dummy or fake messages (the Vuvuzela effect), which makes it difficult to distinguish the “true” metadata from the “false.”

With all these mechanisms working, the researchers behind the project say that the only variables Vuvuzela reveals are “the total number of users engaged in a conversation, and the total number of users not engaged in one.” And even then, it doesn’t reveal which group a given user is part of. All of this is intended to obscure the metadata only; the servers also encrypt the message content, the same as any other encrypted chat system.
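To make the three mechanisms above concrete, here is a small Python model of a round-based, dead-drop exchange with dummy traffic. This is an added illustration, not code from the MIT project; the function names (build_round, server_exchange, round_view), the single server, and the fixed message size are assumptions, and the onion routing that hides which user addressed which drop is not modelled.

```python
"""Toy model of the round-based, dead-drop scheme described above (added
illustration, not the MIT project's code). Assumptions: one server, every
user submits exactly one fixed-size message per round, idle users send a
dummy to a random single-use drop, and routing that hides drop IDs is omitted."""
import secrets
from collections import Counter

MSG_LEN = 32  # all submissions padded to one length so size reveals nothing

def dead_drop(user_a, user_b):
    """Conversation partners derive the same drop ID (toy: sorted names)."""
    return "dd:" + "|".join(sorted((user_a, user_b)))

def build_round(users, conversations):
    """One submission per user per round; idle users send random bytes."""
    partner = {}
    for a, b in conversations:
        partner[a], partner[b] = b, a
    submissions = []
    for u in users:
        if u in partner:
            drop = dead_drop(u, partner[u])
            payload = f"hello from {u}".encode().ljust(MSG_LEN, b"\0")
        else:
            drop = "dummy:" + secrets.token_hex(8)   # fresh, never paired
            payload = secrets.token_bytes(MSG_LEN)   # indistinguishable dummy
        submissions.append((u, drop, payload))
    return submissions

def server_exchange(submissions):
    """Hold the whole round, swap the two messages sharing a drop, reflect dummies."""
    by_drop = {}
    for sender, drop, payload in submissions:
        by_drop.setdefault(drop, []).append((sender, payload))
    delivered = {}
    for entries in by_drop.values():
        if len(entries) == 2:
            (s1, p1), (s2, p2) = entries
            delivered[s1], delivered[s2] = p2, p1
        else:
            delivered.update(entries)
    return delivered

def round_view(submissions):
    """What leaks per round: on the wire, one equal-size message per user;
    at the server, only how many drops paired (engaged) versus did not (idle)."""
    wire = (len(submissions), frozenset(len(p) for _, _, p in submissions))
    paired = Counter(d for _, d, _ in submissions)
    engaged = sum(c for c in paired.values() if c == 2)
    return {"wire": wire, "engaged": engaged, "idle": len(submissions) - engaged}
```

Running two rounds with different pairs of partners yields an identical wire view and identical engaged/idle counts, which is the point the researchers make: the counts leak, the pairing does not.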

This system can cause some annoyances in the form of delays, and it’s not clear how the false messages would be managed. The software is in its infancy, but it’s an intriguing idea, and raises the question (not new, of course) about the balance between the desire for privacy and the willingness to take the steps necessary to guard that privacy.

14 creepy ways to use Big Data

This article from Information Week discusses 14 ways in which Big Data gathered about you can be used in ways you might not like or anticipate. I think it’s important to keep all this in perspective; to quote one of the commentators: I often think the fear of the creepy uses that could leave a customer open to a security issue stand in the way of organizations pushing forward with big data initiatives. In reality, it just shines a light on the need for governance. A question organizations should ask themselves is not, “can we,” but “should we,” when it comes to deciding how to gather and use personal information. My previous post and the embedded SlideShare presentation address this matter in more detail.