Recently there has been a lot of concern over cell phone and other data being provided by wireless carriers and social networks to the NSA and the far reaching implications of providing that data with regard to personal privacy as weighed against public safety. There has been much less concern over wireless carriers selling subscriber data as a way to 'monetize' the inherent information in their call data - or the carriers' own use of the information for internal sales and marketing purposes.
So when is tracking (by GPS or by wireless tower) Good and when is it Bad? Tracking your vehicles or assets is fairly easy to put into the 'Good' category. Knowing where your property or mobile assets are can be a good thing when it's missing, or not being utilized properly, or in the event of an emergency. However, it can be a bit confusing with the property has more than one owner. Setting up policies that keep the information transparent but private to the owners, is imperative; sharing the information with others outside the 'family' or organization should only be done on a 'need to know' basis, and with limitations in scope.
Many of the early adopters of GPS location systems were the Public Safety sector; Fire, Ambulance, Police, and State patrols. There was some initial concerns regarding the 'big brother' nature of such devices; but it was quickly dispelled when managers openly discussed the need to know driver's locations in near real-time in the event of an emergency; and emergency management is such a big part of what they do, they understood the need to know privilege right away. There was still a social culture of concern regarding the technology, but now, GPS tracking is considered a standard management tool in the public safety industry. However, like most legitimate tools it can be dangerous in the wrong hands or when used in the wrong way - public and private agencies don't typically share their location information outside of their respective organizations, even with other related agencies since it's difficult to make sure where access to the tracking information goes once it's outside their immediate control.
In some recent articles regarding cell-phone Big-Data analysis, there has been some interesting information about how the data can be applied for the greater public good: tracking the spread of malaria in Africa, Bus routes redrawn for more efficient services in urban cities. There are some examples of interesting but more benign analysis using cell phone to help determine how many fans of one team or another occupy a particular stadium, or for marketing analysis regarding how many locals may be passing by a store without ever visiting. However, this type of data has been made anonymous, while limiting it's scope so that personal (or corporate) privacy is relatively well protected.
So what make 'Good' location data practices? Here are some general rules:
- Specific data, such as GPS data should be only provided to the owners of the assets being tracked, even when made anonymous. Even over short time periods or limited geography the data can show specific travel habits well enough to pin-point individuals. Phone tower information is somewhat generalized already since it covers a fairly large geographical area without specific location information, and as long as it is limited in geography, and time, and made anonymous, it can be used for more general statistical analysis. However, correlated with additional data, such as purchases, this data can identify specific individual activity as well.
- Any specific data (such as GPS data) shared outside of the agency, organization, or personal owner should be on a need to know basis, and should only be available for limited periods of duration. This information should be anonymously presented (stripped of linkage to individuals, companies, assets, and their cargo), and geographically and time constrained. The longer the time range of the location data, the better chance there is of unintentionally divulging personal or private information.
- Make sure that the online data is reasonably well secure, and unneeded data is deleted or securely archived (offline) as soon as it is no longer relevant.
- Be sure that within reason, that data cannot be tampered with, or if it's to be used for legal purposes, that critical data such as speed and location data can be corroborated by a second source. Individual pieces of data have enough margin of error in them to create intrinsic 'reasonable doubt'.
Beware of any 'Bad' location data practices:
- Tracking people without their knowledge even if the asset you are tracking belongs to you. Though not illegal, this is a bad practice that only reinforces the 'big brother' attitude of legitimate tracking. Be upfront about what you are doing and why with the user, driver or operator.
And finally, illegal practices:
- Tracking or attempting to locate assets that do not legally belong to you without the owners permission for the purposes of 'spying' or 'stalking' the asset, the person, or company making use of the asset.
- Tracking assets or people without proper licensing, or making use of the technical intellectual property without specific permission or licensing.
- Making private data (location or otherwise) publicly available without permission, or for the purposes of altering an individuals account or location information (hacking).
- Use of mobile jamming devices to interfere with the GPS/GNSS and/or wireless communication system - which can interfere with not only the local system, but with other mobile systems around the vehicle.
- Though extremely rare outside of military use for the purposes of espionage, GPS spoofing is also illegal.
Location tracking can be used for business or personal reasons for a number of legitimate reasons; to help with efficiency, for logistical cost and process efficiency, to limit liability as well as for personal and product safety. Setting up internal tracking policies and processes can help to setup and keep secure clear limits on your internal tracking data.
Obviously some data security is out of the hands of private citizens and corporations - data that wireless carriers and governments access without our knowledge, or with a warrant. If you have concerns contact your wireless provider or regional State/Federal agencies to see what you can do to opt out of any data tracking (also called CPNI sharing) they may be performing internally - as well as to verify when existing data is being deleted or archived, and any notifications regarding whom the data has been provided to.