Location, location, location

 

The development of mobile phones and other portable internet enabled devices has encouraged the emergence of technologies which now make it possible for any internet or mobile phone user’s whereabouts to be tracked.

A growing array of applications can show you where someone is right now, where they were at an earlier specified time, or display a record or pattern of their movements, perhaps over an extended period. The location data which can be rendered will often be very precise e.g. to within a matter of a few metres.

The next big thing

Within and around the internet industry location is a hot issue. The growth in the numbers of users has been slower than many people hoped and expected but the word on the street is still that location is where all the action is going to be. Jump on board or get left behind.

Driven by advertising

Hype is nothing new in cyberspace. No one really knows where it will end up. It could flop but if you were to analyse the proposition wholly rationally you can see its obvious attraction. The idea of being able to tie ads to location is the key driver. It introduces a whole new range of possibilities.

You are approaching a store selling computer games and an ad telling you about their latest whizzo offer finds its way on to your iPhone or Blackberry. The big shoe shop around the corner from your office is having a bargain basement sale. Ping! You’re advised to get round there quick before all the best deals are gone.

And less savoury considerations

There are other more challenging location aware apps emerging. In a strange town? Need help finding someone nearby who, like you, is looking for casual sex? Yes, there is one of those too. At the moment it seems to be limited to people who have sex for fun not money but it’s not difficult to work out where it might end up. Neither is it difficult to foresee how hormone-laden, inquisitive kids will be tempted to try it out. Free download. No age verification.

The eternal struggle between good and evil

The possibilities for location apps to do great good are clear but sadly we know there are lots of jokers and criminals around. They will be looking for a new way to exploit any technological developments to be the first to beat the system, make a few illicit shillings or get at stuff they shouldn’t before their little ruse is discovered and shut off.

A key question is how much can we expect of the companies that develop or deliver new apps? What responsibility do they have to anticipate and test the potential for their technology to be misused? Unlike the rest of us, are they entitled to view the world entirely through rose tinted spectacles? Should they be able to say they cannot be held responsible for the misdeeds of others, even if one or way or another they have helped  carry them out?

Granted we do not blame Smith & Wesson every time a hoodlum brandishes a Walther PPK in the course of a bank robbery. But if a little extra effort or foresight could have reduced the scope for that kind of misuse we would most certainly be very cross if Smith & Wesson had not at least explored that avenue.

Naïve optimism or wilful myopia?

Should application developers and those who deploy the applications be put under an obligation to consider the potential for their new products to facilitate unwanted consequences? It’s another way of expressing the idea of “Safety by Design”.

Or should companies be free to just “put it out there” and the Devil can take the hindmost or the careless? The cops can sweep up the mess. It may even be the cops in another country who have to do it. I know we do not want to chill innovation or put any blocks in the way of new businesses getting going but there must be a line we can draw somewhere which keeps us on the right side of recklessness or calculated indifference? Simply saying the market will take care of it is no answer, because we know that is not true. Or rather by the time the market gets around to it a great deal of avoidable harm could have been done.

In relation to privacy Google, for example, have now accepted that privacy considerations are going to be built into every stage of their product development and other processes. Privacy and safety are very often simply different sides of the same coin. In fact they might frequently be the same side of the same coin.

Location data is sensitive

Clearly information about a person’s current or past physical location is potentially highly sensitive. Where it relates to the physical location of a child it is even more so. Anyone who chooses to step into the location market should expect to be held to higher than usual standards both in terms of how they first obtain the location data and subsequently how they use and store it.

Location 1.0 – controlled by the mobile phone networks

The original location services which emerged in the UK around 2002/3 were tied wholly to data owned and controlled by the mobile phone networks. They had commercial uses e.g. in vehicle management or asset tracking in corporate markets, but they also quickly morphed into “people finding” services. Some were specifically designed to locate children. They were marketed to parents.

Although sold through small, independent intermediary companies, the services were in reality controlled by the relatively small number of big firms that supplied the data – the mobile phone networks. At the time in the UK there were only five. Since the merger of Orange and T Mobile there are now four.

The code of practice

Mobile phone companies are accustomed to operating in highly regulated environments. It was easy to persuade them to adopt an industry-wide code of practice which the companies actually selling the location services would have to implement. The code set out strict conditions, at least in relation to child location services.

The code minimised the potential for an unauthorised person to gain access to any information about a child’s whereabouts. Crucially, it also limited how the services might be advertised and promoted. Some of the early ads more or less said every child on Earth was in imminent danger of being kidnapped. The pitch was that if you truly love your children and harbour any hope at all that you would get them back alive from the desperados then, of course, you will subscribe to this or that service. 

The payment mechanism provided an extra check

The fact the service was paid for was also very important. That automatically introduced extra layers of security. Through the payment mechanism you would be likely to have a line straight to the end user. The service anyway could only be started following receipt and use of a PIN number which had to be sent to a real world address through the conventional post.

No parental override

Another important feature was that the child had to consent to being tracked. They could also withdraw their consent at any time e.g. by sending a text message to the service saying “STOP”. There was no parental override. Admittedly in many family situations a parent will generally get their way, particularly if they are paying the bills for the phone, but the principle of the young person’s autonomy is an important qualification.

Location 2.0 – free at the point of use

However, this first iteration of location services is now dead or dying, at least in the people finder space. There is a new breed of applications. Location 2.0. They operate principally over the internet and typically are free at the point of use because they are paid for by advertising. This is important for two reasons.

Most obviously the potential for checking on the identity of anyone via their means of payment has gone.

Secondly, it opens up the possibility of children and young people being exposed to even more advertising than they are present. Absent any means of distinguishing between a child and an adult, some of this advertising is likely to be age inappropriate.

Many different players

The mobile phone networks remain key actors in this new location market. Data from them can still be used, but they are no longer in the driving seat. Not by a long chalk.

No code of practice in sight

At the moment there is no code of practice describing how the new internet-based location applications ought to work. It makes little or no sense to develop a code just for the UK. At the very least it needs to be EU-wide, and ideally it would be global. Not easy to see how that would be put together.

Different companies have come together to try to draw one up but they have been talking for over two years. We have yet to see a final result. The difficulty is that some of the players have entirely different interests from others sitting with them at the negotiating table. The free-wheeling internet businesses like things just as they are i.e. no controls other than their own. The mobile phone companies and their allies would like a more level playing field.

Land of the giants

Some very big companies such as Facebook, Google and Yahoo are offering location applications. Then there are a number of start-ups that have developed their own branded product, followed by a burgeoning list of newbies and hopefuls. Not all are equally fastidious when it comes to ensuring their users are the right age to be members of their service or that everyone understands exactly what they are getting into. We have already had a major exposé of the weaknesses of a very well known location application.

A particular concern relates to the way location apps are becoming integrated into social networking sites. In some of these children and young people are present in large numbers.

Take Facebook as an example. It has set up its location app as tight as it can be for minors, but of course Facebook has no way of knowing whether or not someone is telling the truth about their age. They do not do age verification. Obviously they don’t, otherwise how would we explain the huge numbers of sub-13s who are on there?  This leaves open the possibility that perhaps some very young children could be broadcasting their whereabouts to anyone and everyone. That cannot be right.

Some people wonder whether 13 is anyway the right lower age limit in this context. Is there a case for saying a minor should be required to produce verifiable parental consent before signing up? Many internet companies will not like that. It raises the spectre of messy paperwork or of having to pay for a verification service.

Whilst we can all probably feel confident the larger companies will work within every country’s data protection and privacy laws, typically by always following the principle of requiring customers to “opt in” to location services, these principles may be challenged by those companies who are innovating at the edge of the networks, or who have less understanding of the opt in arrangements that should apply. Like the myriad apps that have appeared for mobile phones, the new location applications are being invented or developed by some extremely small outfits that might be anywhere on the planet.  

Out of control

At the moment it seems most of the handset manufacturers, mobile phone network operators and web site owners with an interest feel powerless to act because they do not have the technical mechanisms for blocking or controlling the deployment of the new apps. This in turn means that both highly innovative data sharing applications and sometimes completely rogue location applications could find their way into the ecosystem to obtain and exploit people’s location data in ways which might be dangerous, unlawful or both. This is a classic illustration of how one of the internet’s much vaunted strengths, its lack of any single point of management and control, can become a great weakness.

Except for Apple

Apple seems to be the only company that has found a way of dealing with this latter problem. Through its “Apps Store” Apple must approve all applications before they can operate via their technology. As yet no other handset manufacturers appear to have established a similar capability. And of course there are many devices other than mobile phones that can be located.

Geo-tagging complicates things further

However, mobile phones do raise particular issues. This is in part because they are so ubiquitous. In some countries almost every sentient being from age 6 upwards has one. When you ring a landline you are often ringing a place. When you contact a mobile you are usually getting in touch with a specific person.

A consideration of the issues surrounding the new location services is therefore made more difficult by the potential for some or all of the functionalities of the newer mobile handsets to become linked to them.

Certain phones can be turned into remote listening devices by the simple expedient of sending an inaudible text message. This automatically turns the phone on, allowing the person at the other end to eavesdrop third party conversations.  In like manner some handsets can be turned into remote video cameras, this time with a combined audio and video function.

If real time (or historic) data also becomes available showing the physical location of the conversations being listened to or the pictures being watched, the potential for harm or mischief is that much greater. With geo-tagging we are already seeing the beginnings of this type of crossover application.

Specifically in relation to children, some services can send a text message or an email whenever a nominated handset goes outside a previously defined geographical perimeter. These have been incorporated into a number of child location services, particularly in the USA. The phone in effect becomes an electronic leash.

Corrosive of family relationships

Potentially this type of service may be valuable in a very limited number of circumstances but as an everyday feature of parenting it implies a lack of trust or confidence that could be truly corrosive of healthy family relationships. It suggests underlying issues which ought to be addressed. Alternatively such a service can be applied in a truly oppressive way by a parent or sibling, or even by the school bully.

Taken together, mobile phones start to look less like useful personal communicators and more and more like instruments of control, or even espionage. If I was a mobile phone company or a mobile phone handset manufacturer I would worry about the potential contamination of my brand.

Surveillance society

It is not hard to see where this broader debate might end up.  Amidst wider discussions about the development of a “surveillance society”, it will not be just the children’s organizations that raise concerns. Developments of the kind being discussed here have the potential to construct a very broad alliance of otherwise disparate groupings of socially engaged citizens. Within such an alliance children and the children’s organizations would be a relatively small part, although undoubtedly that angle could well be the one the mass media home in on.

Have we reached the end of the road with self-regulation?

The US and Canadian regulatory authorities are becoming exercised by the challenges of location aware applications. The EU is girding its loins. Both are concerned about the industry’s evident and continuing failure to produce a self-regulatory code worthy of the name.

I have acknowledged the inhrent difficulties in this area. But maybe we are nearing the end of what self-regulation can achieve? All the low-hanging fruit has been picked. Only the hard stuff is left. If so this has important implications for how policy will be formulated elsewhere in the future.

 

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was a appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in E-commerce, Location and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s