July 24, 2009— -- Not so long ago, if law enforcement officers wanted to track the movement and location of a suspect, they would plant a "bug" on the person, a tracking device to continually monitor the individuals whereabouts.
Today, millions of Americans willingly carry location devices with them everywhere. Everyday devices like cell phones and global positioning systems (GPS) make it easy for the government -- as well as technology providers and advertisers -- to track your real-time location or put together a full record of your whereabouts over time.
Location-aware devices provide many benefits to your safety, security and overall convenience. Location-enabled phones improve response time to 911 emergencies and built-in vehicle navigation systems, such as those from OnStar, can send the car's GPS coordinates to emergency personnel.
Other popular location services use GPS satellites, Wi-Fi or cell towers so that users can make better use of their social networks and track where they are in relation to their friends and families. Advertisers can send more relevant ads and, of course, tracking location is an important tool in law enforcement investigations.
But for all its benefits, there is growing concern about just what is happening to the increasing amount of location information being collected by a variety of entities.
Of particular concern is the question of government access. A record of location can provide a detailed portrait of a person's activities and associations. Yet the legal standards for government access to location data held by a range of third parties are unclear, at best.
When Apple introduced its latest iPhone 3GS a few weeks ago, it instantly drew about 40 million iPhone users into the geo-location market, marking the dawn of a new era where our daily activities once considered mundane now can be tracked with ease, speed and accuracy over the Internet.
Apple joins other popular Internet companies that have also recently jumped to make their mobile devices and services location ready. Mozilla's Firefox, the second most popular browser behind Microsoft's Internet Explorer, has made it possible for Web sites to ask for users' physical locations.
Google's Latitude service, like early entrants Loopt and Where, make it possible for consumers to see their friends' location (assuming they, too, are using the same service) on a cell phone map.
A Legal Solution
Firefox has partnered with Google to be its "location provider." That means that if you're browsing the Web with Firefox and visit Google to search for a site that requests your location, Firefox is able to gather information about nearby Wi-Fi access points and share that information with Google.
Because Google keeps a database that maps Wi-Fi access points to exact locations around the globe, it is easy for them to plot your whereabouts -- in a cafe, office or at home -- and share that intelligence with the Web site you initially visited or, if ordered to do so, the government.
With the pace of innovation in location services quickening, it is too easy for consumers to unknowingly expose themselves to location-based surveillance. Users need to be put in charge of deciding whether such services are activated and with whom location information is shared.
That's why Internet companies need to offer transparent and granular controls for consumers that, in the first instance, ask permission before accessing their location. While all the companies providing location services have taken important steps to build the first generation of user controls, these controls must become more robust as location comes to pervade the Web experience.
Likewise, policymakers need to address the widening gap between America's aging and spotty privacy framework and the rapidly evolving technology landscape to which it applies.
Now is the time to enact a baseline, technology-neutral, consumer privacy law.
This law would require companies that collect personal information to follow fair information practices, including providing consumers with clear and concise notice of collection and use policies, a meaningful choice about the use of their information, access to information held about them, and remedies for misuse.
Location information, as well as other sensitive data, should be afforded heightened protection in that law.
Most important, however, the communications privacy laws that control government access to personal information need to be updated to take into account the changes in technology.
The legal standards for government access to both real-time and stored-location information remain unsettled and highly disputed. Rather than struggling to retrofit laws that were drafted before the digital age to today's technologies, those laws need to be rewritten to ensure that our Fourth Amendment rights against government search and seizure still have meaning.
The location-enabled Web has the potential to be a real boon for consumers and fertile ground for Internet innovation, but it will only fulfill that potential if it evolves within a legal and cultural framework that recognizes the privacy rights at stake and puts control over this information in the hands of consumers.
Leslie Harris is president and CEO of the Center for Democracy and Technology.