Cisco Blogs


Cisco Blog > Security

Where’s Waldo? Adjusting Law and Policy for Location-Based Services

Last month, my colleague Christopher Burgess shared some thoughts on the “double-edged sword” of location-based services at the Huffington Post. In his post, Christopher highlighted how these services could alternately be a benefit, and where they might cross a line and become undesirable. Recently, some US Federal courts have heard cases about the legality of GPS tracking, including how and when such tracking should require a search warrant. While it will be up to people with far more legal experience than I have to debate exactly how these decisions will impact individual rights vs. police or government powers, I do think that there is something to be concerned about from a purely technical viewpoint. Whether used by government officials or attackers who have unauthorized access to this information, location-based data could result in a person being picked from a crowd when they least expect it.

Pervasive Tracking

US courts have primarily been involved in cases where police or other agents of the government have installed GPS tracking devices on the vehicles or persons involved in an investigation. The US Fourth Circuit court, in United States v Maynard, has cited the resulting tracking information as being more important because of its pervasive nature:

Two considerations persuade us the information the police discovered in this case — the totality of Jones’s movements over the course of a month — was not exposed to the public: First, unlike one’s movements during a single journey, the whole of one’s movements over the course of a month is not actually exposed to the public because the likelihood anyone will observe all those movements is effectively nil. Second, the whole of one’s movements is not exposed constructively even though each individual movement is exposed, because that whole reveals more — sometimes a great deal more — than does the sum of its parts.

I agree completely, and the September 2010 issue of the Atlantic contains a piece on the future of incarceration in the United States, exploring the possibility of using GPS capabilities alongside a parole officer to define where convicted criminals may go. Though the article is particularly focused on GPS tracking of individuals whose criminal convictions would legally restrict their rights, it has some telling excerpts that shine a light on the kinds of impacts that can be expected, both for those who track, as well as those who are tracked. First, the article’s author muses about how many people already are GPS-enabled to an employee of BI, a major firm in the market of tracking individuals through GPS bracelets:

If I were ever convicted of a crime and forced to submit to GPS tracking, I would, in theory, need only to add my probation officer to my Google Friends list and keep my phone handy. (When I showed the app to BI’s Jennifer White, she had trouble fathoming that anyone would use such a thing without a court order. “Do you keep that on all the time?” she asked suspiciously.)

And further, some concerns about state-mandated tracking of individuals:

Erik Luna, a law professor at Washington and Lee University, is a critic of mandatory sentencing and other measures that have packed U.S. jails, but he urges caution when viewing electronic monitoring as an alternative. “There should be a general concern about the extent of the power of the state to follow and track individuals and gather information about their lives,” Luna says. “What is the minimum ambit of privacy, to maintain the level of human dignity that a liberal form of government should provide?”

Clearly, there is real concern about how one’s movements can be construed by those who watch, and that ongoing monitoring of where one travels can have a variety of impacts. Though the Atlantic article is primarily focused on state-sponsored tracking, similar effects could be felt from malicious or careless actors with significant access to GPS data.

Adjusting for the Risks of Location Data

If pervasive tracking is a concern that merits review to prevent abuse by those with authority, then the collected pervasive location data of users that opt in to its collection should also be carefully protected. As users participate in location-based services, they might consider limiting their use to only as long as necessary (e.g. for an extended period of time when using a GPS to get navigational help, but perhaps only for a few moments when querying for nearby restaurants). Not only will corporations need to carefully control, selectively retain, and diligently protect the information that they are entrusted with, but users will have to be educated in how and when to take advantage of such services. Failure to do so could lead to an opportunity for miscreants to misuse this information and put their targets at considerable risk.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

1 Comments.


  1. Thanks for sharing such nice information about Tracking systems.I like to read whole post.

       0 likes