Category: Thoughts

For a few years now I have often talked and made presentations on the theme of “Ambient Location”, the ability of Geospatial applications mostly on our mobile devices to share their location to services in the cloud, which in turn has allowed useful real time information products to be developed.

The most obvious example of Ambient Location’s value is the collection of real time traffic data within Mobile Navigation and Mapping apps, whose users contribute their movement data to allow real time traffic information to be displayed and used in providing directions avoiding congestion.

Until recently less well known was the use of Ambient Location to estimate the busyness of specific locations in Google Maps for example, this has become more visible as the data is used to present mobility data trends as a response to the COVID-19 epidemic .

Clearly the use of this type of information raises important ethical questions as to how this type of information should be created, managed and used. Quite rightly information about our location and movements is highly sensitive and by its very nature has considerable privacy implications many of which may not be initially obvious.

Quite rightly information about our location and movements is highly sensitive and by its very nature has considerable privacy implications many of which may not be initially obvious.

With Ambient Location or widespread location sharing a relatively new technological capability, there is yet a well established understanding of their societal impacts and we therefore need a broader discussion of their ethical use.

With the widespread adoption of Contact Tracing apps in response to the COVID-19 epidemic the need to develop an ethical framework is more urgent, however the ethical use of Geospatial information has a context that extends far beyond contact tracing.

I present below a few talking points that provide a use framework for the ethical use of Geospatial Technology, these are not complete or comprehensive and I would be interested in your comments…

As with anything else I post here these are my personal opinions and not those of any organisation or my current employer !

Efficacy

For as long as I can remember there has been a nightmare scenario of mobile marketing, you walk past a shop and are bombarded by text messages and pushed notifications offering you special offers… The reason this does not happen is that such intrusive advertising would not work and would only annoy potential customers, such a use of ambient location would not produce the results desired, it is an issue of Efficacy – In simple terms would it even work ?

In simple terms would it even work ?

In terms of contact tracing, there is some evidence that tracing apps may work, but there is a reasonable question as to their effectiveness to supplement existing manual tracing techniques.
Approaches to contact tracing have focused on the more limited capability of proximity detection using bluetooth LE as technologies such as GPS/GNSS are not precise enough, and are therefore prone to false positives..

There is context to efficacy of course, you might want to try a technique that is unproven if circumstances are severe, a global pandemic might be such an example? If so would it be acceptable to experiment first to gather data using a time limited application ?

Would an analytical product looking a trends over time deliver timely results to decision makers? In the increasingly real time world, an application collating crowd sourced station congestion data would need to be able to publish that information quickly enough for the data to be useful to potential passengers.

Linked to this would be the efficacy of an application over time, while it might be acceptable to collect information during an emergency, for example monitoring the location of the population during a hurricane evacuation, the location data would and should have no value when the storm has passed.

This level of specificity of use is a general requirement of most data protection legislation, in that data should only be collected for a particular use – so you would be prevented from using the data later for any other purpose..

Transparency in App stores policies and Operating systems notifications helps here, making it clear that your Flash Light application wants access to your location allows the user to make an informed decision about using the App – (hint- Don’t!!)

Equability

It’s easy to imagine the development of an application that uses a devices location to validate financial transactions to minimise fraud, transactions will only be valid if the device is at the same location as the retail purchase..

But is it acceptable to expect everyone to have a smartphone with Ambient location technology to be able to make purchases ?

Access to services should not rely on access to expensive sophisticated devices, an alternative needs to be available for those without or unwilling to use smartphones for example.

Access to services should not rely on access to expensive sophisticated devices

Of course it may be the case that the experience from a user perspective may be lower without, for example sharing account information, as is the case with the incognito mode in Google maps – but it is important to offer the user choice.

It’s easy in our tech bubble to forget there are sizeable populations around the world who do not have access to mobile devices or more fundamentally the internet itself, there is also a generational bias to contend with although this may be over estimated.. A teenager buying a book on Amazon the year it was founded could be today in their mid forties !

Execution

These are the principles that are most concrete as they result from the design choices made by Application and Service designers. There will of course always be scope for compromises and seldom are choices clearly right or wrong, there must be the ability to use a nuanced approach..

As a designer you need to address the following questions, these are by no means comprehensive but a useful starting point ;

Is the collection and then sharing of Ambient Location information voluntary ?
It should be clear the collection and sharing of location data are different things.
Clearly a ride sharing application needs to be able to access your phones location to arrange the dispatch of the closest car, however the collection of your location data while you are walking about for analytical purposes is not necessary for the operation of the service and you should be able to opt out of this form of collection if you wish.

Is there a mechanism for the user to explicitly consent to the sharing of Ambient Location Information?
Even if the collection and sharing of location data is not optional there should be an explicit notification and on going reaffirmation of the users agreement. This is important particularly if location sharing is a background process with little or no user interface indication that it is happening.
Of course the user should be able to change their mind and temporally or permanently stop sharing at a time of their choosing.

To allow informed consent, is the purpose of data collection and/or sharing explained?
This is a key element of most good data protection regulations, you need to explain clearly why you are collecting location information and how it will (not may) be used. You may share your location information (perhaps proximity) with the Apple Store, so that the Genius will known you have arrived for your appointment for example. Although it might be useful to know the other stores you have visited before Apple, if they don’t state they will use the data for that purpose, they must not use it ! And to be clear they don’t !

Is the purpose of Data Collection/Sharing suitably limited ?
Again a key data protection principle is to only collect the minimum amount of data required, there is no allowable concept of “nice to have in case we need it” . In geospatial terms there is a particular issue with resolution both in terms of time and space, there are very few applications outside of turn by turn navigation that require precise real time location data.
For your hyperlocal weather forecasting app wifi or cell based positioning to within a hundred metres is easily good enough!
At some point I will do a longer post on Differential Privacy, but an element of its use in Geospatial Information is the reduction of data resolution to enhance data privacy.

Is the data kept securely and users’ anonymity preserved?
There needs to be a really, really good reason for Ambient Location information not to be anonymous. Importantly for most of the applications where Ambient Location information is used to “sense” the world, anonymous data is all that is required.

Importantly for most of the applications where Ambient Location information is used to “sense” the world, anonymous data is all that is required.

It might be that some considerable effort, as in differential privacy, must be applied to data to maintain privacy , but there is great risk associated with linking individuals to their location.
The recent debate on different approaches to contact tracing, centralised vs. decentralised is illustrative here, in both cases the data collected is anonymous however there is greater risk in the centralised model that there could be a security compromise and data “could” be identifiable at least theoretically.
The risk comes from storing the data in one location as opposed to distributed on individual devices. Against this risk of course there may be counter arguments that from a perspective of epidemiology it is valuable to be able to view the graph of user interactions only possible with a central repository of data.
Regardless of where Ambient Location data is stored it should be secure, encrypted both “At Rest” e.g. on the device or server but also “In transit” while moving across the network between device and server.

Is the scope of Personally Identifiable Information (PII) Understood?
The data that can be considered to be personally identifiable extends beyond the obvious name, address and telephone number and there are grey areas specifically with types of Geospatial Information.
Any data that, with the favourite legal term of “reasonable effort”, can be used to identify an individual data subject is Personally Identifiable Information. So the IP address of the client using your service is PII, as is any device ID specific to a mobile phone for example such as the IMEI or IMSI code.
These are obvious, but geospatial imagery also brings unique challenges. While satellite imagery and aerial photography can be argued to be not PII as the resolution of imagery and the generally vertical orientation of imagery makes identifying individuals impossible, the same cannot be said for terrestrial imagery.

Because it would be possible to combine an image taken at ground level where an individual could be recognised, with metadata of when the image was acquired it is necessary for services such as Google Maps “Street View” and Apples “Look Around” to blur faces and car registration plates.

Is there a “Break the Glass Protocol?”
There are already provisions within privacy legislation such as GDPR which allow emergency services access to PII and location data for emergency use. The obvious example here is the use of AML to provide accurate handset derived location data when users dial for emergency assistance from their mobile phone.
As I have noted before in the case of the lost backpacker Theo Hayez, who disappeared from an Australian Resort a year ago, there maybe occasions when for the safety of an individual their location should be shared with emergency services without their explicit consent.
This is clearly a complex area, in the case of Theo he was an adult and his family and detectives were able to obtain his location history from Google Maps by using a recovery password on his account. But he had not agreed to this data sharing, and it would also be reasonable to believe this was not justified.
There are of course legal processes which can be used by government agencies to obtain access to location information from service providers but these quite rightly take time.

Perhaps a protocol that users agree to in advance which identifies circumstances or individuals with whom location data may be shared is a way to approach this. Another perhaps better alternative are dedicated emergency applications that users may use to identify use cases where location data sharing is temporarily acceptable, e.g If I don’t return from my evening walk at the expected time, share my location with my partner for the next few hours.

Eradication

The final E is really about the end.

What happens to Location data after its immediate use.
Is the collection of Ambient Location Information temporary and limited to a defined period of storage, and if not why not ? Again of course there may be applications where the user might want data to be stored indefinitely, for example I have been storing my Location History in Google Maps since 2011 and it’s nice to be able to look back at my travels. But this is my explicit choice, recently an option has been introduced to automatically delete your location history after a period time – of course after you have opted in to it’s collection in the first place !

For all services which will store a users Ambient Location Information there needs to be a clear and well explained decommissioning process, what happens when I no longer use the service and what happens when the service is retired. There is a clear expectation that the data will be securely deleted from all systems, but again there may be justifications for keeping information for analytical purposes.
The soon to be released? NHSx contact tracing app it is reported for epidemiological research purposes would like to store user data (anonymised ?) for up to 20 years, this period of time I would expect would require considerable justification but again there may be valid reasons.

So there we are the four E’s are Efficacy, Equability, Execution and Eradication – what do you think ?

Over the last month we have all become regular video conference participants, of course very much par for the course for me but the rest of the family are now taking part in online quizzes, community meetups and have become experts in the use of tools such as Zoom, Houseparty, and even Microsoft teams !

In this short post I’m not going to cover the etiquette of video calling (Mute when not talking and don’t multitask it’s rude) rather offer some pointers to making you look and sound good or at least a little better on screen.

Sounds Good ?

At the very minimum you should be able to improve the way you sound to other people on the call. A common thread here will be to avoid using the inbuilt microphone/camera on your computer and instead something a littlebetter. In terms of the cheap and usually rather hidden microphone on your computer a better replacement would be the simple headphones you might use for your phone (with a 3.5mm jack plug).

Better would be dedicated headset even one with noise cancelling perhaps, the great advantage here is that the microphone ends up a consistent distance from your mouth.

I am a big fan on Plantronics devices, but there are many available at most price points, of course you do end up looking like an Apollo Flight Director at Mission Control but hey that’s not a bad thing.

Having a good microphone does make a big difference to the quality of your interaction of course even if you don’t use video so it is worth making the effort here – if you really want great results then a condenser microphone which produces the warm sound of talk radio is the ultimate upgrade. With a condenser microphone such as the Blue Snowball below make sure you put the microphone into cardioid mode which will pick up sound from directly in front of the microphone only.

Most video conferencing systems can cope with the duplex problem of broadcasting what you are hearing and thus creating a nasty feedback issue, however I think it’s always best if you can and especially if you are alone to use a headset/headphones for listening to the call.

Camera – it’s all about the glass

So goes the photographers mantra, it is all about the glass, e.g. the quality of your camera lens. Once again your very expense laptop probably has a cheap inbuilt camera prone to poor low-light performance, motion blur, and noise artifacts – otherwise known as looking rubbish.

The obvious step is to use an external webcam, such as the popular Logitech 920 but these have become very hard to find recently with the unprecedented growth of home working.

There are of course many other webcams from various OEM’s but there is a very good alternative already in your pocket..

Use your phone for video conferences

Your relatively expense smartphone actually has quite a high quality front facing camera for taking all those selfies and combined with computational photography techniques produces excellent results when used as a video conference camera.

Most of the popular video conference systems have a phone app for both iOS and Android and allow you to connect using the same links you would use on your computer. Indeed in most cases you can login on your phone for video/audio calls and at the same time your laptop to follow along with slides etc..

Key to success here is positioning your phone, you don’t want to be holding your phone for any extended period of time and of course want to avoid the “up the nose” camera angle if you can avoid it. The solution is to use a small desktop tripod such as the Gorillapod or Manfrotto mini tripod with phone clamp.

Note : most consumer video conference tools don’t support true HD so it maynot be worth trying to gone beyond 720p 30fps if you have the choice !

Try to position your camera at eye level, so with my example above I would aim to put the tripod on some books perhaps to raise the camera or course a webcam on top of your monitor is perfect but remember to look into it, for other on the calls you donlt want to appear distracted looking at something more interesting (unless of course you are commenting on the quality of the proceedings so far!)

And finally lights !

If you have ever visited a Film set or TV studio you will know the importance of lighting, so even in your home office or bedroom adjusting lighting can make a huge difference to how you look on screen.

Most importantly try to avoid backlighting, your camera will try to adjust exposure as much as possible but if you are in front of a window you will always appear dark almost in silhouette as the bright light coming in from the window dominates. So if possible move the camera so the light is behind it.

If you are using artificial lights the same rules apply, move a table lamp or use the bright screen of your laptop to try and light your face. Ideally you want to have multiple lights to provide both key and fill lights to prevent shadows forming on your face. I use some LED spotlights from Ikea above my monitor to achieve this and the results are quite good.

Here are some examples of the difference lighting makes..

So now when the BBC or CNN skype you for your comments on something or another, and yes they are getting that desperate, you may look as good or better than the host !

Does not quite have the same significance as 31 December 1999, but I’m sure someone in the mainstream press will soon draw the parallels with Y2K with stories of Airliners getting lost or Trading systems failing due to timing errors, April 6th 2019 is the date when GPS systems reset !

Actually for the second time the week code broadcast as part of the GPS signal is resetting back to zero.

The GPS system uses 10 bits to store the GPS Week Numbers starting from 6th January 1980, so every 1,024 weeks (approximately every 20 years), the GPS Week Number rolls over from Week 1,023 to Week 0, this is known as a GPS Week Number Rollover. This has already occured on August 21, 1999 but that was before the explosion in the use of GPS is smartphones, drones, buses etc.

There are efforts happening across industry to make sure that disruption is minimised, but there may be issues with older GPS receivers and smartphones .

With modern connected devices firmware updates can be applied without to much effort, I remember because I’m had one Garmin and Magellan sending out RS-232 cables and CD-ROMS to update their receivers in 1999 !

In summary look out for firmware updates and “Don’t Panic !”

LHR – JFK don’t those six letters cause some excitement to even the most seasoned traveller, there is still just a little romance left in air travel.

Romance here is the “feeling of mystery, excitement and remoteness from everyday life” as opposed to love !

For me part of the romance comes from the Airport codes themselves, those three letter IATA codes are a shortcuts to destinations known and imagined and each have a personal resonance. Many of the codes also have an antecedence that  provide a fascinating window into the early days of air travel.

LHR London HeathRow is both the starting point of most of my travels but also a link back to a childhood spent on the roof of the Queens Building watching British Airways Tridents, VC-10’s and 747 classics departing to destinations I never expected to visit in my lifetime.

Of those childhood destinations and even today New York’s JFK the airport named after president John F. Kennedy was always a destination that sparked my imagination, the destination of those Pan Am Clipper 747s and of course Concorde it was just such a  glamorous destination.  The name of course was the product of tragic history,  the original name of the airport, Idlewild also sounds wonderful but was named after a local Golf Course.

New York’s second international airport, New Jerseys’ Newark has the very functional code of EWR – NEWaRk.

LCY or to those who use if often Lucy

As an alternative to the giant that is Heathrow,  Londons CitY Airport, LCY provides a wonderful contrast harking back to the golden days of air travel when every flight began with that exciting trip up a set of stairs to the aircraft door, Jet-Bridges are just not the same.

LCY is loved by many  is often just called Lucy as a mark of familiarity.

London’s GatWick LGW, Paris Charles De Gaul CDG and of course HELsinki’s HEL are obvious in they derivation, but why is Chicago’s mega airport ORD and Los Angeles LAX ?

The use of Airport codes was originally introduced in the United States for Meteorological reporting  with airports making use of the existing two character city codes developed by the National Weather Service, Los Angeles was LA for example.
It was clear that this system was not going to work with the massive increase in Air Travel after the Second World War so in 1947 a three letter code system was introduced and to pad the existing codes a letter X was often introduced so Los Angeles became LAX, and PortlanD PDX .

A similar approach was taken in Canada where the two letter codes used by Canadian Railways were given a Y prefix so VancouveR’s code VR became YVR, and  QueBec’s code QB YQB.

Most interesting of course are the codes which don’t seem to make sense,  DCA Washington’s District of Columbia Airport  is perhaps not obvious but makes sense but why is the larger international airport in Washington IAD ?  Originally the Dulles International Airport DIA was too similar to DCA so it was simply reversed DIA becoming IAD !

Other codes which don’t seem to make sense are often the result of name changes as Airports have grown or cities have themselves changed name, so CMH the airport serving Columbus Ohio was once just the Columbus Municipal Hanger and of course Mumbai was a city once called BOMbay.

My personal favourite is Chicago’s ORD, very few peoples top airport, we might not feel so negative if it had retained it’s original name ORcharD Field !