Privacy Issues Raise Concerns for Remote Sensing
As unmanned aerial systems (UAS) become more prevalent in the skies, the United States is engaged in spirited conversation about their impact on the constitutional guarantees of privacy and free speech. Over the next 10 years, tens of thousands of these vehicles could be safely darting in our national airspace, providing a wealth of valuable services to homeowners, ranchers, farmers, journalists and businesses. Many of these vehicles will be equipped with remote sensing technology enabling the identification of individuals. This technological leap forward brings with it challenges to our concept of “privacy” and “free speech” our society has not yet faced.
For example, if you do not “own” the air above your property, can individuals, businesses or government officials fly their camera over it and record high resolution video of your barbecue and identify everyone gathered there? Can a media organization or law enforcement agency “virtually” follow you everywhere you go silently recording your journey from 200 feet overhead? What expectations of privacy do we have from high-resolution flying camera in the national airspace? How does this new high-resolution geospatial and personal data impact privacy, free speech and the geospatial professional?
Two Communities, Two Perspectives
There are two distinct conversations currently taking place with regard to UAS and privacy. One discussion is taking place within the very active privacy community. This discussion consists chiefly of privacy advocates, lawyers and policymakers. Some of these have an engineering and technical background, but very few of them have a deep understanding of geospatial technology. Fewer still understand remote sensing.
There is a second discussion taking place within a narrow segment of the geospatial community. Many of those taking part in this discussion have a deep understanding of geospatial technology in general and remote sensing in particular. Some are familiar with the few Supreme Court decisions addressing remote sensing and privacy. However, there are less who appreciate the changing perception of privacy in a public space or recent trends in privacy laws.
Unfortunately, in many instances the two groups are not speaking the same language. While privacy professionals may be familiar with a few of the more well-publicized benefits of UAS, they do not know the difference between electo-optical imagery and LiDAR, how data is captured and processed. Nor do they understand fundamental aspects of geospatial data sets. They also do not appreciate how geospatial information is integrated into a number of governmental and societal applications they take for granted every day. For example, they may not appreciate high resolution orthorectified imagery’s use in forecasting flood damage, transportation planning and monitoring for crops, forests and federal lands.
Similarly, geospatial professionals have an understanding of their own sense of privacy. However, they often don’t appreciate location privacy is much more subjective than other types of information, such as medical or financial records. It can be influenced by age, gender, religion and whether you are living in an urban or rural environment. In addition, they often fail to appreciate the evolution of the term “personally identifiable information” or the elements of popular privacy concepts such as the Fair Information Practice Principles or Privacy By Design. For example, many geospatial professionals are not aware that geolocation information sufficient to identify street name and city is protected under the Children’s Online Privacy Protection Act (COPPA).
As a result, these two groups are talking past each other, not to each other. Since privacy has become an issue favored by both conservatives and liberals, it often appears as the geospatial community is on the outside looking in at important discussion.
Given the complexity of geospatial technology, it is unlikely that many privacy professionals take the time to learn geospatial technology or the many critical uses of geoinformation. As a result, if the geospatial community wishes to make sure its voice is heard so future laws, regulations and policies are rational, consistent and transparent, it is imperative they better understand the legal and policy constructs developed around privacy and data protection.
First, consider there is no single authority responsible for privacy law in the United States. Many other countries have a single authority with this mandate. At the federal level Congress, the Federal Trade Commission (FTC), Department of Commerce and federal courts all have some say in privacy. In addition, the legislatures and court systems of each state also have jurisdiction over certain aspects of privacy. In fact, a decision by a court in the state of California about a zip code being “personally identifiable information” under California state law may have the most far reaching impact on the geospatial community. The California court’s analysis already has been applied in other states, including Massachusetts and New Jersey. In addition, one can expect smart (and aggressive) plaintiffs will try to use this case as precedent in other matters that involve location privacy.
Second, legislation was introduced in more than 40 states to address concerns associated with UAS. While not all of these bills have become law, at least eight states have passed legislation regulating UAS with regards to privacy. Many of these concern the use of UAS by law enforcement, probably because law enforcement and EMS are the primary users of the technology at this time. However, other legislation, such as in Texas, would restrict the use of UAS by private citizens.
The geospatial community also needs to recognize concepts of privacy are changing, particularly with regard to location. For example, members of the geospatial community are often heard expressing the view that information collected on an individual in public places does not infringe upon that individual’s privacy. The Supreme Court decided not to directly address this issue in the case of U.S. v Jones, regarding the use of GPS tracking devices to follow a suspect in public spaces without a warrant. However, it is clear from the decision a growing number of justices have the viewpoint that monitoring of an individual’s activities for long period of times in public places may violate the Fourth Amendment. Similarly, the outcry over the map created by a New York newspaper of registered gun owners highlights even public data can result in privacy concerns.
Understanding the Law and Perceptions
It is also important for the geospatial community to recognize privacy protection in the U.S. is heavily influenced by two important concepts. The Fair Information Practice Principles (FIPP) is a widely accepted framework that is at the core of the Privacy Act of 1974 and has been adopted by many U.S. states and many foreign nations. The core elements of FIPP include (i) notice, (ii) choice/consent, (iii) access, (iv) integrity/security, and (v) enforcement. More recently the concept of Privacy by Design has become popular in the privacy community. The concept of Privacy by Design has been supported by the Federal Trade Commission and emphasizes systematic and verifiable methods of risk management, preventing breaches of data protection, and achieving privacy protection goals “through innovative optimal techniques.”
In the Big Data era, it is not enough to simply state a particular type of geoinformation should not be subject to privacy concerns. It is too easy to combine disparate and seemingly innocuous data sets in ways that could identify an individual. For example, in the New York example described above, gun owners and privacy proponents only became alarmed when a publicly available list of registered gun owners was aggregated with the geospatial information contained in a map. As a result, a working knowledge of these important concepts is necessary to engage the privacy community in any discussion as to why certain types of geospatial information should or should not be regulated.
Geospatial organizations can stay informed on developments through organizations such as the Centre for Spatial Law and Policy. They can then use this information to engage with the Federal Trade Commission in their periodic meetings with the public on important privacy topics. They can also actively engage their Congressional delegation when important legislation is being considered. Moreover, there are some steps companies who collect or use large amounts of geospatial information should begin implementing internally to demonstrate they understand risks to privacy. For example, companies can train employees on the potential sensitivities associated with geospatial information and implementing proper information security.
UAS is Just the Beginning
The debate over UAS is part of a larger debate regarding privacy. The geospatial community is caught in the crosshairs. Even if one can collect UAS imagery, other information may or may not be collected which has value and could violate privacy concerns. Without an understanding of privacy, the voice of the geospatial community is likely to be overlooked or dismissed. Without an input into such an important debate, there is a substantial risk the geospatial community will wake up one day and find that they can’t do the things they want to do. Worse yet, it may find that it is no longer able to do what they currently can do with manned aircraft.