
Group 8 Tracing Tracking Submission

Location tracking uses a user's location data to provide services like navigation apps, but raises privacy concerns. Location data can be used to identify users directly through information like addresses or indirectly through other linked data. Secondary uses of location data for targeted advertising or fraud detection without consent also interfere with users' decisions. Vulnerable groups are particularly at risk, as tracking apps meant to monitor others have been misused against victims of intimate partner violence. Transparency and consent are needed regarding location data collection and use to protect privacy and autonomy.

Uploaded by

Gaurav

Group 8 - Tracing Tracking Submission

Gaurav Deshmukh
Madalasa Venkataraman
Yashveer Arya
Link to the video: PDA Group 8 Midterm Submission - Google Drive (drive.google.com)
Location Tracking
Location tracking uses the location provided by the user to deliver a service, information, or perform a
specific task. The user location can vary from very precise to approximate.
Core use cases include:
• Live traffic, navigation, and public transportation apps
• Travel and check-in apps for travelers
• Social and dating apps
• Food delivery and restaurants

Location privacy has become much more critical with the use of smartphones and wearables that are
carried on the person in an always-on mode.
“The concept of location privacy can be defined as the right of individuals to decide how, when, and for
which purposes their location information could be released to other parties.”
How tracking works (Hardware POV)
Global Positioning System (GPS)
GPS is the most widely used form of geolocation technology on mobile devices. GPS geolocation is
based on communication satellites that orbit the earth and continuously broadcast their status, exact
location, and precise time. A GPS device that receives these signals is able to determine its GPS location.
The accuracy of the GPS location depends on several factors, including atmospheric conditions, signal
blockage, and receiver design and quality, and it is between 33 and 330 feet. Fraudsters routinely use
multiple techniques to spoof location, including GPS spoofing apps, VPNs, proxies, and emulators.

Wi-Fi location positioning
Wi-Fi positioning, known as WPS or WiPS, is based on Wi-Fi hotspots and wireless access points. The
most common method for geolocation is based on measuring the received signal strength, known as
the Received Signal Strength Indicator (RSSI), from a number of Wi-Fi hotspots or access points. Wi-Fi
positioning is particularly useful for indoor positioning where GPS does not perform well.
Cellular location positioning
Cellular networks are enabled by a network of cell towers that transmit the radio waves that are used for
mobile communication. Similar to how satellite signal broadcasts are used to locate a device, cell tower
signals can also be used for geolocation, although this method is not as accurate as GPS, typically only
accurate to within an area of 0.75 miles.

Mobiles vs Traditional Devices: characteristics affecting selection of technology
• Built-in Hardware
• Operating Systems & Software
• Always-on Connectivity
Privacy Concerns with Location Tracking (Solove's Taxonomy)
Identification
Is location data considered a means to identify an individual's personal information?
Identifiability is the measure by which an individual can be discerned from others. An individual's
identification can occur through direct or indirect means. Direct identification involves data like an
address or phone number, which directly pinpoint the individual. In contrast, additional information like a
postcode or health data can indirectly link information back to an individual. Here are some instances of
location data collection for clarification.
Search Engines, Apps and Websites
Search engines such as Google use location information to provide certain services. The location data is
sourced from the device's IP address which provides real-time data. When an app has other related apps,
the information contained in these apps regarding the users' activity would be recorded.
Saved location
Apps such as Swiggy, Uber and Google use location for their services. They would prompt users to save a
location for convenience to save time for future use. This is easily used by the app to find the relevant
location data to provide a customized user experience.
User activity trend
When the user has been actively using an app or a website, it could record the trend and allow the
usage history to be saved for analysis. On analysis, a trend in the user's activity could be revealed. However,
this is subject to the settings and permissions allowed on the app or website by the user.
The GDPR defines ‘personal data' under Article 4(1) as, “any information relating to an identified or
identifiable natural person (‘data subject'); an identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural person.”

Secondary Use
Secondary uses of location data, while offering various benefits and services, can indeed raise significant
privacy concerns for users. Here's how each of the previously mentioned examples can lead to privacy
issues:
1. Targeted Advertising: While targeted ads can be relevant and useful, users may feel that their privacy
is invaded when they continuously receive location-based advertisements. This can create a sense of
being constantly monitored and may lead to concerns about the misuse of personal data for
commercial gain.
2. Geofencing and Proximity Marketing: Geofencing can lead to privacy concerns when users receive
notifications or marketing materials based on their location, as this can be seen as intrusive and may
reveal information about their whereabouts.
3. Fraud Detection: Users may be concerned about the extent to which companies use location data for
fraud detection and whether their location information is being stored or shared with third parties
without their knowledge.

Decisional interference
Decisional interference in the context of privacy refers to situations where external factors, such as
surveillance or manipulation, influence an individual's choices and decision-making processes. This
interference can indeed cause significant privacy concerns for users in several ways:
1. Self-Censorship: Users may engage in self-censorship when they are aware that their decisions and
actions are being monitored or influenced. They might refrain from expressing their true opinions,
engaging in certain activities, or visiting specific places out of fear that their choices could have
negative consequences or be misinterpreted.
2. Chilling Effects: Decisional interference can have a chilling effect on users' willingness to explore new
ideas, engage in dissenting opinions, or participate in activities that may be deemed unconventional.
This can stifle creativity, innovation, and diverse perspectives within society.
3. Conformity and Groupthink: The fear of decisional interference can lead individuals to conform to
prevailing norms and opinions, even when they may personally disagree. This can contribute to
groupthink and limit the diversity of thought and expression. This can limit the freedom to live according
to one's own values and preferences.
4. Informed Consent: In cases where users are not fully informed about how their decisions are being
influenced or manipulated, their ability to provide informed consent is compromised. This raises ethical
concerns, particularly in situations where users may unknowingly make choices that are not in their best
interests.
5. Privacy as a Fundamental Right: Privacy is recognized as a fundamental human right, and decisional
interference can infringe upon this right. Users have a legitimate expectation that their decisions and
choices will be respected and not manipulated for external purposes.
To address these privacy concerns related to decisional interference, it is essential for organizations,
governments, and platforms to:
• Be transparent about data collection and manipulation practices.
• Obtain informed consent when necessary.
• Ensure that users have control over the information and recommendations they receive.
• Safeguard individuals' autonomy and freedom of choice.
• Comply with privacy laws and regulations that protect users' rights.
The GDPR includes the concept of 'pseudonymization', which helps data controllers (similar to data
fiduciaries under the DPDP Bill) meet their data protection requirements. It is defined under Article 4(5) as
“the processing of personal data in such a way that the data can no longer be attributed to a specific
data subject without the use of additional information, as long as such additional information is kept
separately and subject to technical and organizational measures to ensure non-attribution to an
identified or identifiable individual.” Simply put, 'pseudonymization' is the process of separating the
identifiers from the data so that, without the separately held additional information, identification is not possible.
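The separation described above can be shown on location records. This is an added example, not part of the original submission: the record fields, the sample data and the choice of HMAC-SHA256 as the pseudonym function are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def pseudonym(user_id: str, key: bytes) -> str:
    """Keyed pseudonym: stable for one key, not reversible without it."""
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()[:32]

def pseudonymize(records, key):
    """Split records into a working dataset and a re-identification table.

    The dataset carries no direct identifier. The lookup table (and the key)
    are the "additional information" and must be stored separately.
    """
    dataset, lookup = [], {}
    for rec in records:
        subject = pseudonym(rec["user_id"], key)
        lookup[subject] = rec["user_id"]
        dataset.append({"subject": subject, "lat": rec["lat"],
                        "lon": rec["lon"], "ts": rec["ts"]})
    return dataset, lookup

def reidentify(row, lookup):
    """Only a holder of the separately stored table can attribute a row."""
    return lookup.get(row["subject"])

# Constructed sample records (not real data).
SAMPLE = [
    {"user_id": "alice@example.com", "lat": 12.9716, "lon": 77.5946, "ts": "2023-09-01T08:00:00Z"},
    {"user_id": "bob@example.com", "lat": 12.9352, "lon": 77.6245, "ts": "2023-09-01T08:05:00Z"},
    {"user_id": "alice@example.com", "lat": 12.9780, "lon": 77.6408, "ts": "2023-09-01T18:30:00Z"},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # held in a separate key store in practice
    dataset, lookup = pseudonymize(SAMPLE, key)
    for row in dataset:
        print(row)
    print("with table   :", reidentify(dataset[0], lookup))
    print("without table:", reidentify(dataset[0], {}))
```

The coordinates stay in the dataset, so the indirect identification discussed under Identification still applies: a trace that starts from the same address every morning can point to a person even after the identifier is replaced.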
Vulnerable populations and location privacy
• Vulnerable individuals are defined as people who are more susceptible to privacy violations that result in
emotional, financial, or physical harm or neglect as a consequence of their race, class, gender or
sexual identity, religion, or other intersectional characteristics or circumstances that marginalize
them from society (McDonald and Forte 2022) [1].
• Sometimes seemingly benign apps can have nefarious uses:
  • KidGuard, an app to keep tabs on children, has been used to surveil spouses, by stalkers tracking their
  victims, etc.
  • The spyware mSpy is used in intimate partner violence [2].
  • The tracking app company mSpy told The New York Times that it sold subscriptions to more than
  27,000 users in the United States in the first quarter of 2018 [3].

[1] McDonald, N., & Forte, A. (2022). Privacy and vulnerable populations. In Modern socio-technical perspectives on privacy (pp. 337-363). Cham: Springer International Publishing.
[2] Chatterjee, R., Doerfler, P., Orgad, H., Havron, S., Palmer, J., Freed, D., ... & Ristenpart, T. (2018, May). The spyware used in intimate partner violence. In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 441-458). IEEE.
[3] https://www.nytimes.com/2018/05/19/technology/phone-apps-stalking.html
Location privacy – user controls
• In laptops and networks:
  • Location spoofing software
  • Use of VPNs both to confuse location-specific content (to watch Netflix US from India, for example)
  and to genuinely protect vulnerable populations [4]
• In phones and other IoT devices or wearables:
  • Location spoofing
  • Fine-grained and coarse-grained location control to balance fraud detection while protecting
  individual location
  • Difference between location-enabled services (where location is checked once, but not stored) and
  location tracking services
  • Options to 'Allow once', 'Allow always', 'Allow in background'
  • Explicit location permissions managed through the browser and the phone operating system; since
  location depends on OS-managed software, checking which apps track location is easier.

[4] Bo Zhao & Daniel Z. Sui (2017). True lies in geospatial big data: detecting location spoofing in social media. Annals of GIS, 23:1, 1-14. DOI: 10.1080/19475683.2017.1280536
Celebrated cases

• The Border Patrol used commercial location data to round up suspected illegal immigrants without a warrant.
  • (https://www.washingtonpost.com/technology/2020/10/23/warrantless-cbp-phone-data-searches/)
• Adversarial activist groups can use location data tracking to target specific individuals.
  • (https://www.nbcnews.com/tech/security/priest-outed-grindr-app-highlights-rampant-data-tracking-rcna1493)
• Bangladesh Provided Myanmar Information that Refugee Agency Collected
  • (https://www.hrw.org/news/2021/06/15/un-shared-rohingya-data-without-informed-consent)
• Sometimes location disable doesn't mean you aren't tracked
  • (https://www.wsj.com/articles/SB10001424052748704123204576283580249161342)
Laws and guidelines – USA and GDPR
• The FTC considers precise geolocation data to be sensitive personal information, and failure to
reasonably protect this information, or failure to adequately disclose its collection or sharing, would
violate Section 5 of the FTC Act
• FTC regulates children's online privacy through the Children’s Online Privacy Protection Act (COPPA).
• Under the California Consumer Privacy Act (CCPA), geolocation data is subject to notice and
transparency requirements, along with the consumer right to access, deletion, and opt-out. Therefore,
consumers have the right to request the types of location data being collected about them and how that
information is being used. They can also direct companies to delete their location data being collected
and restrict them from selling their location data to third parties.
• Under the GDPR, location data is considered to be any information collected by a network or service
about where an individual's device is or was located, including the following details:
• The latitude, longitude or altitude of the device
• The direction of travel of the user
• The time the location information was recorded
• This excludes GPS-based location information collected from mobile devices since this information is created and collected
independently of a network or service provider. Businesses can also only process location data with the authority of the
network or service provider if it is anonymous or if consent is obtained from the user.
Guidelines for protection
• International immigrants - Red Cross's Handbook on Data Protection in Humanitarian Action -
Second Edition (https://www.icrc.org/en/publication/430501-handbook-data-protection-humanitarian-action-second-edition)
• Self-regulation in advertising (though not very successful)
• Geofenced location tracking within small radii only
• Ensure individual geolocation data is anonymized (but beware of the associated risks)
• Establish proper policies for third parties collecting geolocation data.
• Gain explicit consent before the collection of geolocation data.
• Australian government's guidelines for mobile developers: https://www.oaic.gov.au/agencies-and-organisations/guides/guide-for-mobile-app-developers
• Privacy by design (iOS)
  • Block certain areas from being readable by an app's location data, or give the user the option to block
  them. For example, in a check-in app, a user's home and school locations should always be set to private
  by default.
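The private-area guideline above, combined with the fine-grained versus coarse-grained control listed under user controls, can be expressed as one release decision per location fix. This is an added example, not code from the original submission or from iOS: the function names, zone format, 200 m radius and coordinates are hypothetical.

```python
import math

EARTH_RADIUS_M = 6_371_000

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def coarsen(lat, lon, decimals=2):
    """Round to `decimals` places; 2 places is a grid of roughly 1 km."""
    return round(lat, decimals), round(lon, decimals)

def release_location(lat, lon, private_zones, precise_allowed=False):
    """Decide what an app may read for one fix.

    Inside any private zone nothing is released. Elsewhere the app gets the
    coarse position unless the user granted precise access.
    """
    for zone in private_zones:
        if haversine_m(lat, lon, zone["lat"], zone["lon"]) <= zone["radius_m"]:
            return None
    return (lat, lon) if precise_allowed else coarsen(lat, lon)

# Constructed zones and fixes (hypothetical coordinates), private by default.
PRIVATE_ZONES = [
    {"name": "home", "lat": 12.9716, "lon": 77.5946, "radius_m": 200},
    {"name": "school", "lat": 12.9780, "lon": 77.6408, "radius_m": 200},
]

if __name__ == "__main__":
    for fix in [(12.9720, 77.5950), (12.9352, 77.6245)]:
        print(fix, "->", release_location(*fix, PRIVATE_ZONES))
```

Gaps in an otherwise continuous track can still hint at where a zone lies, so a zone is usually drawn larger than the place it protects.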
