You Are Where You Live: Why Location Privacy Matters

Back in the late 1980s, two groups of geographers went into civil war. On the left were largely quantitative geographers excited about the rise of Geographic Information Systems (GIS; think Google Maps). On the right, however, were largely theoretical geographers deeply concerned about such systems, to the point that one author wrote in the first line of his article, “The war against Iraq in 1990-91 was the first full-scale GIS war”, before adding that GIS “claimed and estimated 200,000 Iraqi lives” (Smith, 1992). This continued for over a decade, before some middle ground was finally discovered.

Why am I writing about a fight over GIS in a seemingly unrelated discipline to that of this site? At the time of this debate, these systems were incredibly rudimentary compared to what exists now; the idea of tracking hundreds of millions of people down to a few meters for the vast majority of their life was hardly in the picture. Yet, enemies were made at the mere prospect of using technology to index people across geographic space, and geographers were quick to emphasize the importance of maintaining privacy over where people are. The fact they expressed such concerns about these systems decades ago should be a red flag for the incredibly powerful systems that exist today.

Indeed, location privacy is an often underrated subset of the privacy equation. It is not uncommon to give high priority to communication privacy: we use Signal or WhatsApp to mask what we say to our friends, for example, but leave our location services on for convenience. After all, ‘where we are’ when we send those messages is just meta-data.

Where we are, however, can tell a story. This fact shows its face when we talk about the police’s use of Stingrays (cell phone trackers) around protests to monitor who was there, and therefore who might be expressing a political opinion that is in disagreement with that of the state. While this is a hot issue right now, it is critical to understand that location data can reveal things about us in far less direct ways.

Recently I was teaching an undergraduate GIS class about handling sensitive data, a topic that was never even mentioned when I took the same classes. Given that most people don’t care too much about privacy, and that in academia it tends to be a stubborn thing to sort out in ethics applications and then forget about, I gave a couple of examples of how location data can ruin someone’s life:

  • A survivor of domestic abuse has been hiding from their abuser for years, but has their health care records leaked because a GIS research assistant put them on Dropbox which ends up getting hacked. Their abuser finds them.
  • A GIS tech for a fitness tracking company accidentally loses an unencrypted hard drive storing location data, revealing several customers who had been visiting HIV treatment clinics every week. Note that it is not records about her domestic abuse that reveals where she is to her abuser, it is health care records, unrelated to that aspect of her life. Similarly, it is not a customer list of those obtaining HIV treatment that reveals who has been getting HIV treatment, it is a completely unrelated source of data.

Indeed, the issue with location data is that it is generated from so many sources (cell phone towers, GPS, credit card swipes, license plate scanners, Wi-Fi location, and soon facial recognition, among many, many others) and yet can easily undermine our privacy in other aspects of our lives. In other words, if we don’t compartmentalize rigorously, location data easily breaks down the barriers between the various parts of our everyday lives that we would like to keep separate.

Given this revealing power inherent to location data, it should be no surprise that is has become a staple of modern intelligence. Activity Based Intelligence (ABI), for example, is an approach to big data analysis used in the military that brings together vast and varying sources of big data to find targets and collect intelligence. Significantly, ABI finds it critical to add location information to all data sources, as “only then will an ABI analyst be able to correlate, integrate, and cluster the multi-INT data around a “spot of interest,” enabling the discovery of entities, activities, transactions, and begin to relate them” (Atwood, 2015). Put simply, location data is the key that deciphers what is going on in big data sources for the military.

It must be stressed that location data is what links not only aspects within individuals’ lives, but between individuals’ lives. Indeed, a core function of ABI is tracking multiple individuals’ locations in order to identify when meetings take place, as well as to identify and monitor relationships. This is an often forgotten aspect of location data: it does not only reveal where you go, but can also easily reveal who you’re going there with.

My point in discussing ABI is not to suggest that the military will knock on your door tomorrow because you happened to walk near a suspected terrorist by accident, but rather to emphasize the radical potential of location data to dismantle our personal privacy. Apply the techniques of ABI to Google’s data collection through Android phones and it becomes hard to imagine what they can deduce about our social graphs just based on where we (and our friends) are, and when.

To sum this all up, location data is inherently sensitive, and it doesn’t just reveal when you visit a protest. In a way, it lurks in almost every aspect of your life; you can never not be somewhere. Treat your location privacy as you would treat your communication privacy. To start with: turn off location services on your phone, pay with cash, and use a VPN or Tor. But to go further, be mindful of any time you think your location has been collected, and what you’ll realize over time is a much larger and more troubling conclusion: where we are is tracked far more than what we say, and resisting the latter is child’s play in comparison.