Location-based social networks using geotagging technology are a cool way of letting friends and family keep track of you–and as a law enforcement tool, they can protect public safety. But when we share, do we really know who's watching?
In the world of social networking, Carri Bugbee is hardly a novice. The Portland, Oregon social media marketing strategist has 7,164 followers on Twitter, 1,197 Facebook friends and more than 500 connections on LinkedIn. But when she got involved with geotagging through a location-based network, she received an uncomfortable wake-up call.
Literally. One evening last February, she used foursquare, the popular location-based mobile network, to “check in” at a local restaurant, letting friends know where she was sitting down to dinner. Then she got a call on the restaurant telephone.
The caller, who swore at her and called her stupid, had tracked her down through PleaseRobMe.com, a site whose unsubtle name reflected its purpose: to warn people about the risks of geotagging by aggregating and publicizing location data from users of those networks. In Bugbee's case, the warning was effective. She quit foursquare. She started hiring a house sitter. She became, as she put it a “geotagging curmudgeon.”
“I think that a lot of people have drunk the Kool-Aid without actually thinking that hard about it,” Bugbee said about location-based technologies. “At some point, some tragedy will occur.”
PleaseRobMe shut down last spring after a string of incidents like Bugbee's suggested it may be more helpful to would-be criminals than to users. Nevertheless, its founders said they had accomplished their goal of educating users about the risks of broadcasting their location to the world.
“What is often forgotten is that you're not really talking to a small group of friends,” said Douglas Salane, director of the Center for Cybercrime Studies at the John Jay College of Criminal Justice. “You're potentially talking to anyone on the internet.”
This can be incredibly useful for law enforcement.
Salane, who has worked with the Manhattan District Attorney and the FBI, notes that “one of the most useful devices for law enforcement is a cell phone.” But at the same time, he adds, users have largely ignored the longer term risks to privacy and public safety.
Our Digital Trail
About 59 percent of American adults now use wireless Internet, up nine percent from one year ago, according to a Pew report on Internet use. About 76 percent use their mobile device to take pictures, and 54 percent have used it to send a photo or video.
And things are getting more complex. The future of the Internet–Web 3.0, if you will–will likely rely heavily on information that users produce and broadcast, either willingly or unwillingly.
In the world of social networks and applications, location-based services are the next big thing. Twitter and Google already use them. Facebook, which hit 500 million users in July, plans to roll out a location-based feature any day now. As more emerge around the digital world, they will leave millions of pieces of location information in their digital wake.
And a small but growing number of programmers are trying to do something about it.
Ben Jackson and Larry Pesce had both safety and privacy in mind when they started ICanStalkU.com in May. With $1,000 and some programming language, the New England-based securities information researchers picked up where PleaseRobMe left off.
ICanStalkU automatically searches thousands of photos on Twitter for geotags, tiny location markers attached to about three percent of all photos posted to the micro blogging site. Then it turns them into a location message, showing how photos can be used to trace people in real time, using information many have no idea they have put out there.
Despite the eyes-in-the-dark logo and dramatic name, Jackson said they intended the site to teach rather than threaten. “We just want people to make an informed decision,” explained Jackson. “If they are posting this information, we want them to know what kind of risk this entails.”
Stalking in Cyberspace
Stalking experts say the rapid evolution in locational technology has upped the risks. “It doesn't cause stalking but it makes stalking a lot easier,” said Rebecca Dreke, a senior analyst at the National Center for Victims of Crime.
About 25 percent of the 3.4 million people who reported being victims of stalkers during 2005-2006 said they had been stalked using some form of cyber technology such as e-mail or instant messaging, according to the most comprehensive evaluation of data to date. The data, reported in a 2009 study by the Department of Justice, predated the wide use of newer technology such as geotagging and may thus seriously underestimate the scope of the problem, says Dreke, who points out that many of those exposed to location-based tracking will not even know they are being watched.
Dreke helps educate law enforcement about how they might use the same technology to help uncover the offenders. It's an uphill battle. “The offenders and the criminals are usually keeping ahead of the people investigating the crime,” she said.
A recent study recent study by the security company Webroot showed many social network users are aware of the perils of their digital life. Webroot found 32 percent of men and 49 percent of women reported being “highly concerned” about stalkers. More than half of the 1,500 respondents worried about the privacy implications of their geo-tagged lifestyles.
Todd Zwillich shares their anxiety.
Zwillich, the Washington correspondent for the Public Radio International program, The Takeaway, was driving around the capital on a recent Saturday when he spotted a blue Chrysler with the license number NCCI70I. He grabbed a friend's iPhone, and ran into traffic to snap a shot of the “awesome” plate. “It's awesome because that is the ID number of the Starship Enterprise,” said Zwillich, with a laugh.
Zwillich knew the image would lay bare his Trekkie obsession to friends and followers. But until ICanStalkU picked it up and The Crime Report contacted him, Zwillich didn't know he was tagged as standing “nearby 669 New York Avenue NW Washington DC” that day.
The idea didn't sit well. “I'm not interested in having constant GPS social surveillance,” he said. “It's information I want to control.”
But increasingly complex privacy settings and out of date laws can make that hard to do. In the courts and on Capitol Hill, debates have begun about how to fashion laws governing cell phone records and electronic communications that strike the right balance between safety and privacy.
Geo-Location and Civil Liberties
Locational data can be culled from information we've opted to offer up to private companies–information emitted by our cell phone and collected by our service provider, pictures we've posted on Twitter, or profile information on Facebook.
The Constitution protects our privacy rights with respect to government prying. Private companies, on the other hand, may collect information on their users and often have wide leeway to use it as they see fit.
Often, that means cooperating with government. Recently, law enforcement has been using the Stored Communications Act to access locational data from cell phone providers, which requires law enforcement agencies to provide “reasonable grounds” before being granted the right to access location records from cell phone companies as well as social media networks like Facebook and Twitter.
The right to do so can help catch criminals and save lives, said Jack Killorin, director of a federal anti-drug task force in Atlanta. Like the FBI and NYPD, his agency has used location data emitted from cell phones in a number of cases, such as tracking a load of narcotics on the move.
“Where its certainly immediately helpful is when it's used to track down victims of kidnapping, or fugitives,” said Killorin, who downplayed privacy concerns about this kind of technology.
“I don't think that there's a threat to the privacy of the overwhelming majority of citizens of the United States,” he said. “At least not from law enforcement.”
But law enforcement is already moving into some gray areas that raise questions not just about government access to data, but how it uses the data it collects.
Recently, police in a suburb of Dallas, Texas received $60,000 in federal stimulus funds to set up a license plate scanning system, a database of snapshots it can use to keep and track plate numbers to look for stolen cars or kidnap victims. The technology allows the department to track where and when any plate has been photographed, potentially offering up a map of how many of the city's citizens spend their day–where they live, shop, eat, sleep, meet up with lovers and go to political meetings.
The legal scope for using this information is still murky, says Andrew Blumberg , a professor of mathematics at the University of Texas, who has done extensive work on locational privacy.
“Most people's intuitions about their privacy and public space are wrong or out of date,” adds Blumberg, which is why he welcomes sites such as PleaseRobMe and ICanStalkU as useful counterforces to the notion that citizens have nothing to fear, as long as the users of such metadata act responsibly.
“Is it legal to keep (such information) forever?” wonders Blumberg, who co-authored a paper on locational privacy with the San Francsico-based Electronic Frontier Foundation, which defends privacy rights in cyberspace. “We need to have a national debate about what the right legislation is.”
The debate has started. The law currently governing the use of email communication is the 1986 Electronic Communications Privacy Act. In an unusual show of cooperation, privacy advocates, tech companies and service providers from the ACLU to Facebook have come together to form Digital Due Process, a coalition seeking to update the law for the modern webbed world.
The courts may soon weigh in as well. A case now pending before the Third Circuit Court of Appeals will rule on whether the government should show “probable cause” before obtaining location records from cell phone providers, as it would for a warrant–rather than the present lower standard of “reasonable cause. “
In February 2008, a lower-court judge sided with the coalition of digital rights and civil liberties organizations that brought the suit, which included the Electronic Frontier Foundation, the Center for Democracy and Technology and the American Civil Liberties Union. But the Justice Department says the judge was wrong. “An individual has no Fourth Amendment-protected privacy interest in business records,”argued DOJ lawyer Mark in a brief submitted to Third Circuit defending the current standard.
But ICanStalkU's Ben Jackson isn't sure the law can ever keep up. That's why he and others on the cutting edge of technology will likely keep setting up sites to show the world the digital breadcrumbs they have left behind.
Jackson is already thinking beyond geotagging. The question stuck in his mind is: “What's going to happen next year and the year after that to information I don't know I'm giving out now?”
Lisa Riordan Seville is a freelance reporter based in Brooklyn, NY.