Session description: Information about a person’s physical location is sensitive, particularly if it is rendered in real time or it discloses historic patterns of movement. Such information may give away the location of people whose rights may be violated or who could come to harm in some way. Geolocation also raises potential concerns about targeted marketing and advertising practices. Consumer-oriented online location services got their start in a small number of countries in 2002 using the GSM network. The new types of location services evolving today can operate globally over the Internet, using data that is either wholly or partly outside the control of the mobile phone networks. Most of the new applications that collect and utilize location data today require no prior approval or authorization by a mobile phone company, a mobile phone handset manufacturer or any website owner. The one exception is the applications sold through Apple, which requires it of apps that run on their branded products, giving them a great deal of direct control. The panel discussed possible safeguards necessary, what measures should be taken and to what extent these new types of location services raise broader issues about the development of a “surveillance society” particularly if, for example through geo-tagging, such services start to become linked with other aspects of modern mobile devices’ functionality. Is self-regulation an option or are the challenges simply too large and complex?
Magid said that just as families prevent harm by teaching children the rules of knife use, they should adopt education as the key way to protect young people from the misuse of software programs in today’s mobile computing devices and phones.
The primary issue in the session was how to keep up with software applications that show users’ to physical locations online. This was also one of several IGF sessions dedicated to conversations on child safety on the Internet.
John Carr, an independent expert on child protection online, conceded that he is not aware of cases in which children have been stalked or exploited through emerging new location services. But he noted that as many as 25 percent of children aged 8-12 in his native Great Britain have Facebook accounts, even though they are legally too young. And he said 11 percent of those kids set their profiles to be open to anyone accessing the page.
The development of location services, he said, adds to the potential that innocent children could become victims software systems that reveal users’ locations. “You don’t need to be Einstein to see that they could do harm,” he said.
Speakers mentioned three types of action might be taken to ensure the best outcomes as the landscape of mobile, networked communications and computing continues to develop: education, industry adaption and legislative action.
Education was seen as a preferred choice, with several people, including representatives of smartphone makers, emphasizing that parents need to know enough about the applications to ensure that their kids don’t innocently allow others, whether dangerous strangers or eager commercial marketers, to target them. Hardware and software developers, in turn, need to seek design solutions and issue directions that are clear and simple to follow.
Vodafone group privacy officer Stephen Deadman said GPS units installed in all mobile devices “sniff for hotspots, figuring out where they are” in order to allow wireless customers to get connected. Applications and platforms that specialize in geolocation-centered services developed out of that. Consumers began adopting them and that changed the landscape. He said legislators should not overreact.
“It’s not reliable to pass a bunch of laws,” he pointed out. “They would be geographically limited.”
He said industry is now addressing privacy outcomes, seeking to find out what users desire. “How do they want their privacy protected?” he asked. “If we can begin to articulate those outcomes, then we can use design principles to ensure that we can know what privacy looks like in a service environment.
“You describe an environment, mixed up with platforms and devices and developers, and we can define what we think should happen from a user perspective and work back from that point. Should there be an icon that tells you an application is using your location? What should the developer be doing when designing privacy into locations - how should the APIs work?
“A lot of this stuff has to be built into standards - so there are people in standards bodies working to try to solve these problems - but we haven’t articulated what we want the outcome to look like. It is now up to the GSMA [the association of mobile operators and related companies] to try to get industries together to look at a range of changes using this type of approach. We need to be the industry finding the solutions to many of the problems, and civil society will be a key participant in that process."
John Morris, director of the Internet standards project at the Center for Democracy & Technology, said the privacy laws in the US are not as broad-based as those in Europe and other countries. He noted that the Mobile Privacy Initiative described by Deadman is “very promising,” adding that it is key to get Apple, Google and other developers of mobile smart devices even more directly involved in addressing these issues. He also said the fact that end users do not “pay close attention to what they are being asked about” when they are given a prompt about enabling location-based services. Adults and children react quickly and without thinking deeply enough about privacy implications when they agree to reveal their location because they want to access a service.
Nokia’s Jonne Soinenen said mobile phones are among the best contributors to child safety, allowing parents to check on children, but parents need to accept responsibility for making sure their kids use phones and applications appropriately.
Sabine Verheyen, a German member of the European Parliament who serves on the CDU/CSU group, said there has been a lot of debate in the EU about the potential ramifications of location-based surveillance. "In the last month, we were talking about the directive for the European Parliament to fight child abuse and sexual exploitation and child pornography," she said. "Because of the technical development of the digital age, there are several new forms of criminal offenses that challenge societies.
"Creating a perspective for the European Parliament on this crucial issue should be a goal for the near future. We do not see a problem when it comes to active location services where the user has to initiate every transaction - this is an act of communication between two parties. 'Passive' locations are different. The three parts involved in this process are the person doing the tracking, the person being tracked and the company supplying information to the tracker. New location services can be linked to social networking sites. Facebook launched Places and the concern is that then, without the user fully understanding the consequences,the location data will be published as part of a profile."
She said education is vital beginning now and suggested location services have an over-18 policy that is enforced.
"Information and education in school starting at an early age is the key to better prevention," she said. "But we need more security on the technical side. I agree with John Carr's proposal to establish a general code by which, for example, each each child would have to agree to being tracked by a specific individual and delivering the password to the real-world address. The new code should specify that only persons age 18 or above may be subject to a location service or may initiate one. Robust verification systems should be developed in order to assure this."
Magid, a co-founder of safeteens.com, offered several safety tips for using location-based programs. Among them:
• Check how a service shares a child’s location and whether the data expires quickly.
The UN's video recording of the meeting can be found at this link:
The UN's official transcript of the meeting can be found at this link:
- Senior segment producers, Glenn Scott and Janna Anderson