I Know What You Did Last Summer
Yesterday I was at a conference about location-based services put on by the Columbia Institute for Tele-Information at Columbia Business School (and organized by my friend and classmate Alison Albeck Lindland of American Express Interactive). The event was called The Focus on Locus, and fostered interesting discussions about the business, social, and privacy aspects of the latest generation of services which are location-aware. Ironically, the conference coincided with Apple’s launch of the iPhone 3G, causing AT&T’s Dorothy Attwood to joke that she should donate her speaking time to give people a chance to run over to the 5th Avenue Apple Store to get in line.
NOT a movie about location-based services
For me, some of the most interesting issues raised centered around privacy. A recent Northeastern University study (publicized by Nature here and here) of 100,000 anonymous cellphone users showed that most of us are creatures of habit, travelling between the same two or three locations most days. It has been suggested — though a quick search didn’t turn up any references on the web — that many “anonymous” records of a person’s location can in fact reveal a person’s identity once cross-referenced against other databases, such as home and work locations. On a less paranoid note, datasets of human movements would certainly yield important insights for economists, epidemiologists, urban planners, sociologists, and others. There is a whole new science of the mobile human environment waiting to be unleashed if we can design a location monitoring and disclosure framework which has appropriate privacy safeguards.
“Where are you right now?” — this is the particularly narrow view that many in the location-based services space have of the foundation they are building services on top of. The reality is that aggregate or longitudinal location data will likely turn out to be more valuable than the single data point of someone’s current location. In many cases the fact that you are at a certain restaurant right now is less useful than the knowledge that you’ve been there 8 times this month, usually for a weekday lunch. Hedge fund-backed startup Sense Networks is one example of a company working on more sophisticated methods with which to analyze this type of richer locational dataset.
John Verdi of the Electronic Privacy Information Center warned companies against the huge liability of retaining user location data unnecessarily. The personal nature of this data makes it a potential goldmine for civil litigators, e.g. a divorce attorney very interested to know where his client’s husband was when out at night. Retained personal data can create a temptation for a company’s own employees to snoop as well, so the best way to avoid legal headaches related to privacy invasion is to store only the minimal amount of location data necessary to drive one’s services. This is, of course, easier said than done. Today we rarely understand the full value of the data we collect until well after it has been collected. Pair this fact with the rapidly falling cost of computer storage, and you have powerful incentives to store as much user data as is available, and worry about what to do with it later. Perhaps in the future we’ll have a personal data ownership framework where individuals will control complete datasets of their own behavior, and can choose to expose it to another company or organization if the incentives are right.
Perhaps the biggest unanswered question of the day was how to handle what might be called “peer-to-peer privacy”. What do you do when someone else posts a photo with you in it on Facebook against your will? This is an area where even the most well considered, easily comprehensible, and user friendly online privacy frameworks can still fail to preserve user privacy. It remains to be seen what mix of standards, technology, legal regulations, and social norms will help address this latest generation of privacy concerns.
Tags: columbia, iphone, location, mobile, neogeography, privacy