Monday, December 27, 2010

Call to Action: "Privacy" Regulations Threaten Geospatial Profession

Practitioners in the surveying, mapping and geospatial community should act on an urgent issue that will have a particularly adverse impact on business.

There are various efforts underway in the federal government to create new "privacy" protections for citizens. This applies to the collection, storage and use of certain data about individuals, including their address. All use the term "precise geolocation data" and prevent any private firm from collection, storage and use of such data without the citizen's advance approval.  This is an impractical and impossible requirement for private geospatial firms.

While there has been some abuse of personal information by some firms in some sectors, such as phishing -- the process of attempting to acquire sensitive information such as usernames, passwords, on-line habits, e-purchases, credit card info, etc.  in an electronic communication, e.g. Internet - none has involved MAPPS members or the specific geospatial community.

However, these proposals are poorly written, do not define precise geolocation data, and have serious unintended consequences for industries and professions beyond those these Federal authorities are attempting to regulate.

The PowerPoint, which MAPPS Executive Director, John Palatiello, presented to the National Geospatial Advisory Committee (NGAC) on December 7, 2010, provides background on the issue.

On December 1, 2010, the Federal Trade Commission (FTC) staff issued a report on privacy. While the news media has focused on the proposed, voluntary "Do Not Track" program for web browsers (similar to the "Do Not Call" list for telemarketers), what has gone relatively unnoticed is the fact that the FTC is also proposing regulations and policies that will shut down the geospatial community. Please peruse the FTC news release and the full text of the FTC report. On page 61 it reads, "The Commission staff has supported affirmative express consent where companies collect sensitive information for online behavioral advertising and continues to believe that certain types of sensitive information warrant special protection, such as information about children, financial and medical information, and precise geolocation data. Thus, before any of this data is collected, used, or shared, staff believes that companies should seek affirmative express consent."


There are two major problems with this proposal.
  1. This proposal (like legislation that was introduced but not acted upon by Congress), uses the very broad term "precise geolocation data", but does not define the term. This is very dangerous.
  2. To require that any geospatial firm to get "affirmative express consent" from every citizen about whom precise geolocation data is to be collected is impractical to the point of being impossible. This is not just data about an individual, but any "precise geolocation data". This would require every citizen to be contacted and approval obtained before parcel data is collected, or imagery, or elevation data, or any other geolocation data.

Public comments on this proposal are due January 31, 2011. I respectfully urge you to submit comments. Here are points you may wish to make. Here's how to submit comments.
 
More recently, on December 16, 2010, the U.S. Commerce Department issued a report, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework. While this report is more focused on the internet, it includes "Recommendation #10: The Administration should review the Electronic Communications Privacy Act (ECPA), with a view to addressing privacy protection in cloud computing and location-based services" (p63) "we seek further comment and data from the public concerning ECPA's effects on the adoption of cloud computing and location-based services" (p65), "The social importance and economic value of recent digital communications innovations and new types of information, such as geolocation data collected from cell phones and content (text, voice, and video) stored in cloud computing systems, cannot be overstated" (p65) and The Task Force also seeks input on whether the current legal protections for transactional information and location information raise questions about what commercial data privacy expectations are reasonable and whether additional protections should be mandated by law. The Task Force also invites comments that discuss whether privacy protections for access to location information need clarification in order to facilitate the development, deployment and widespread adoption of new location-based services (p67)."

Here is the Commerce Department's Press Release: Commerce Department Unveils Policy Framework for Protecting Consumer Privacy Online While Supporting Innovation. Please note that comments to the Commerce Department are due January 28. Submit comments to privacynoi2010@ntia.doc.gov.

If you have any questions, please contact John "JB" Byrd, MAPPS Government Affairs Manager, jbyrd@mapps.org or (703) 787-6996.

I respectfully urge you to submit comments to both the FTC, by January 31 and the Commerce Department, by January 28.

Finally, MAPPS is collecting examples of the activities and applications these proposals would prohibit. Please provide examples in the Comments section below.

More information will be provided, including the MAPPS Comments to both the FTC and Commerce Department, as they become available.