Members of the UT Student Government are developing a cell phone app for tracking students. This is not some kind of Machiavellian plot. The idea is that many students would want to be locatable when walking to or from campus at night, for example. Users of the proposed app who have a problem reaching their destination would broadcast this information immediately. “I know I’m sometimes worried about walking home when there aren’t many people around,” said one student interviewed about the plan. “This feels like a sense of security.”
Tracking is mushrooming throughout American society: we sign up to be tracked in various ways, install apps on our smart phones so that we can (among other things) track each other, and in many ways submit to covert and involuntary tracking. In a society obsessed with privacy, this change has come about with astonishing rapidity. Why has it happened? What are the risks? And what can people do to retain control over information about where they are, where they’ve been, how they move through the city (or countryside), and what they’re doing? My spring 2015 research project at the Center for Identity looks into those questions and the preliminary results are rather daunting.
A large part of what people exchange on social media consists of self-tracking: a photo of dessert at a certain restaurant, a selfie taken at a particular monument, a comment about the toll roads in a certain city, a review of a B & B in a particular town. The posting of such impressions on Facebook has declined after dire warnings that thieves may be lurking on social media site to see when your home is empty. But the “social-surveillance” impulse has spilled over into other social media like Snapchat and Twitter, along with other apps that seem to enhance urban life by helping us find things and meet people without publicizing where we are. These may be more private, but in an era heralded in Science Magazine as “The End of Privacy,” it is reasonable to worry about the ways in which digital tracking places personally identifying information (PII) at risk.
In her 2009 book Privacy in Context, the legal scholar Helen Nissenbaum famously described our notions of privacy as “contextual.” Not to put too fine a point on her argument, we take pains to calibrate our actions with particular forms of secrecy and disclosure that are appropriate in a host of different contexts: church services, voting booths, doctors’ offices, bank lobbies, business meetings, and so on. In each context, we feel comfortable divulging certain facts about who we are, what we do, and what we know, even as we keep other things to ourselves. For instance, it’s okay for my doctor to hear about my digestive problems, but not about my credit rating; conversely, it’s alright for my loan officer to know about my credit rating, but not my digestive problems. If an information flow breaks the unspoken rules of context, it creates distinct risks to material well-being, self-esteem, and personal dignity. Safeguarding against this is what Nissenbaum means by “contextual integrity,” and she argues that we have to preserve it through the courts and legal system as we adopt new media into our lives.
But what does this have to do with tracking? Mobility has traditionally carried an assumption of anonymity; even though one moves through public space, one’s movement is only visible for a moment to any given stranger. And each stranger we see can also be seen in return. The app that conveys reassuring information to Mary’s boyfriend Joe (permitting him to know that she has gotten home safely), however, can easily disrupt contextual integrity. What if Joe’s roommate borrows the phone and tracks Mary without permission? Or the creators of the tracking app harvest data about Mary’s movement patterns and sell it to an advertising firm? When that firm showers Mary with ads for the stores she passes on her way home, tracking spills over into target marketing or even stalking. The solution would seem to be simply avoiding tracking apps, but this is easier said than done.
Every cell phone sold in the US is potentially trackable, following a 1996 FCC ruling that 9-1-1 calls from cell phones must include locational information. This edict led to the ubiquity of the locationally-aware cell phone, and businesses have developed a plethora of location-based services (LBS) that run on these phones. Such services include navigational apps, traffic monitoring apps, dating apps, friend-finding apps, store-finding apps, assistive healthcare apps, child monitoring apps and others. The functionalities that make this possible do not simply reside on the phone, but exchange locational data with remote processors, generating records in databases. Such databases turn out to be remarkably easy to de-anonymize. Researchers at MIT found that a hacker only needs to know a person’s location at five points in time in order to identify that person within a mass of mobility data. Such a “de-anonymization attack” can in turn yield large amounts of PII about a person, including their credit card numbers, birth date, gender, place of residence, and so on. Until effective means are found for protecting locational data from such attacks, it is best to be cautious about using LBS!
The next phases for this research project (which is supported by the Center for Identity) involve (a) looking for ways to mitigate the risks associated with LBS and tracking, (b) developing an improved sense of whether biometric identification techniques compound or reduce these risks, and (c) grounding the entire discussion in recognized theories from geographical scholarship. This agenda will help develop guidelines for identity-management by and for the hyper-mobile citizens of the 21st century.