|
Privacy Invasive Geo-mashups: Privacy 2.0 and the Limits of First Generation Information Privacy Laws
(WORK IN PROGRESS – LAST UPDATED 06/29/09)
|
|
Mark Burdon |
|
Research Associate & PhD Candidate Faculty of Law & Information Security Institute Queensland University of Technology Australia
Author Biography Mark Burdon M.Sc. (Econ) Public Policy (Lond), LLB (Hons) (LSBU, UK) is a PhD Candidate and Research Associate at the Queensland University of Technology’s Faculty of Law and Information Security Institute. He has worked on a diverse range of legal/socio/technology related projects involving the development of an Australian data breach notification framework, e-government information structures, consumer protection in e-commerce and information protection standards for e-courts. His PhD is examining the relationship between the legal concept of information privacy and sociological forms of power.
Research Funding Details The author gratefully acknowledges funding support from the Smart Services Cooperative Research Centre and the Queensland Government Department for State Development.
Contact Details Please contact the author by email at m.burdon@qut.edu.au
|
|
|
Privacy Invasive Geo-Mashups: Privacy 2.0 and the Limits of First Generation Information Privacy Laws
Author*
III. Privacy-Invasive Geo-mashups
A. Unauthorized Use of Personal Information
1. British National Party Membership List
2. Amazon.com’s Wish Lists & Data Mining
B. Inadvertent Disclosure of Personal & Sensitive Information
A. The Foundations & Legal Principles of First Generation Information Privacy Law
B. Zittrain’s Criticism of First Generation Laws
V. The BNP Geo-mashup: From Binary to Multiple Personal Information Relationships
VI. Privacy 2.0 Solutions for Privacy Invasive Geo-mashups: Embedded Technical & Social Standards
Online technological advances are pioneering the wider distribution of geospatial information for general mapping purposes. The use of popular web-based applications, such as Google Maps, is ensuring that mapping based applications are becoming commonplace amongst Internet users which has facilitated the rapid growth of geo-mashups. These user generated creations enable Internet users to aggregate and publish information over specific geographical points. This article identifies privacy invasive geo-mashups that involve the unauthorized use of personal information, the inadvertent disclosure of personal information and invasion of privacy issues. Building on Zittrain’s Privacy 2.0, the author contends that first generation information privacy laws, founded on the notions of fair information practices or information privacy principles, may have a limited impact regarding the resolution of privacy problems arising from privacy invasive geo-mashups. Principally because geo-mashups have different patterns of personal information provision, collection, storage and use that reflect fundamental changes in the Web 2.0 environment. The author concludes by recommending embedded technical and social solutions to minimize the risks arising from privacy invasive geo-mashups that could lead to the establishment of guidelines for the general protection of privacy in geo-mashups.
There are now over one billion Internet users worldwide.[1] The wider availability of high-speed broadband[2] has facilitated greater levels of information sharing and culminated in the second generation of the Internet, often labeled as Web 2.0. Consequently, Internet users now create, store and publish more information online.[3] The social networking site, Facebook, has published online over fifteen billion photographs uploaded by the site’s user community.[4] Facebook publishes an average of 220 million new photographs each week and at its busiest; Facebook can publish around 550,000 photographs per second.[5]
Contemporary Internet environments have propagated new online technologies and sources of data, which culminates new technical, social and economic structures. Different types of information are now available that can be easily re-composed into new content. The increased availability of geospatial information is a prime example. Geobrowsers[6] now make it easier for Internet users to create geo-mashups, individualized and specialized maps that use freely available, or user generated information. For the purpose of this article, a geo-mashup[7] is defined as an information system that combines one or more data streams that is overlaid on an online geographical interface, to create original content.[8]
The numbers of geo-mashups continue to rise inexorably. In mid-2005, the leading UK mapping website at that time, MultiMap had 7.3 million visitors and 47 million visitors used the leading USA equivalent, MapQuest.[9] In 2007, following the introduction into the market by Google, an estimated 71.5 million users visited Google Maps and a further 22.7 used Google Earth.[10] In the same year, an estimated 50,000 new websites had a Google Maps component Google Maps.[11]
The rapid growth of geo-mashups highlights the shift from one directional, information provision in Web 1.0 to the bi directional collaboration and interaction of Web 2.0.[12] This change has brought with it, a concomitant set of new privacy concerns. Zittrain categorizes these new privacy problems as Privacy 2.0 and provides a cogent argument for the application of new ways to think about privacy in “the generative Internet”.[13] He argues that innovative applications of privacy protection are required that transcend the first generation of privacy laws which focus explicitly on information privacy and the regulation of organizational activities related to the collection, storage and use of personal information. First generation limits arise in Web 2.0 structures because new data relationships emerge from the active participation of individual Internet users as well as governmental or corporate bodies. Using Zittrain’s work[14], the author contends that threats arising from privacy invasive geo-mashups require the implantation of effective protections in the fabric of technical and social structures that surpass the legislative limits and the regulatory capabilities of first generation laws.
Part II highlights Web 2.0 growth and the rise of geo-mashups. Two types of geo-mashup are identified: location and function oriented. Part III identifies a small number of privacy invasive geo-mashups that have given rise, or have the potential to give rise, to privacy concerns. Part IV details Zittrain’s Privacy 2.0 and examines his criticism of first generation information privacy laws in light of changing information relationships. Part V, applies key principles of Privacy 2.0 to a privacy invasive geo-mashup to highlight the limits of first generation information privacy laws. Part VI recommends Privacy 2.0 based technical and social solutions to mitigate the negative effects of privacy invasive geo-mashups. Finally, in Part VII, the author concludes by calling for the development of Privacy Standards for Geo-mashups that would balance the requirements of continued geo-mashup innovation with the advancement of effective privacy protections against privacy invasive geo-mashups.
A brainstorming session at the Medialive International Conference in 2005 provided the first definition of the term “Web 2.0". The purpose of the conference was to identify the common effects of technologies that survived and flourished the ‘dot.com’ crash of the late 1990’s.[15] The conceptual basis of the phenomenon that Web 2.0 describes varies,[16] but for the purposes of this paper it is defined as
“a set of social, economic and technology trends that collectively form the basis for the next generation of the Internet – a more mature, distinct medium characterized by user participation, openness, and network effects.”[17]
The key ideals of Web 2.0 reflect the use of the Internet to foster greater user participation, to increase openness and to enhance sharing through a more decentralized structure. [18] The effect of Web 2.0 has been manifold in terms of technological, economic and social developments.[19] Regarding technology, Web 2.0 has been a transformative impetus for the expansion of new technologies that concentrate on the delivery of information based online services to individual or collective Internet users rather than the provision of software to individual computer users.[20] For example, the makers of high quality word processing software geared their products towards individual personal computers and governed software use through specific license agreements. Now, such software is now freely available over the Internet.[21] In economic terms, shifting technology patterns fostered a change in how online technology providers perceived Internet users. Companies realized that greater user involvement through active participation in product development, adds value to the enduring expansion of “perpetual beta technologies”.[22] Internet users were not just content consumers, but they were now content producers.[23] Online software companies tailored designs to match Internet user needs through new information exchange channels that led to the greater sharing of knowledge.[24] Successful Web 2.0 companies exploited the collective intelligence of web communities through customer interaction and facilitated collaboration with Internet users.[25]
The change of Internet users from passive content consumers to active co-producers heralds the most significant social modification caused by Web 2.0. New technologies provided a foundation for the rapid escalation in the amount of user generated content published online.[26] New modes of online service delivery enabled the collection and publication of information from mobile devices that made Internet user participation more relevant and instantaneous.[27] The use of everyday consumer devices, such as digital cameras and mobile phones, as mobile information collectors, enabled the incorporation of geographical elements with the publication of user generated content.[28] For the first time, it was easy to combine and share disparate sets of information, related to specific geographical locations, with other users via publication on the Internet.[29] The sharing of user geographical information spawned a user-based, geo-mashup cottage industry fueled by the arrival of user-friendly, online mapping interfaces that facilitated the production of geo-mashups.
Free and easy to use geo-browsers such as Google Maps,[30] and to a lesser extent, Yahoo Maps,[31] Microsoft Live Maps[32] and NASA’s Worldwind[33] provided a platform for non-technical users to overlay information on mapping interfaces to create geo-mashups[34]. The geo-browsers present a geospatial and visual representation of the world that is accessible via the Internet to integrate different types of data with specific geographical locations. In terms of geo-mashup technical development, application programming interfaces (APIs) have been the key enhancement.[35]
APIs are largely responsible for the growing popularity of mashups as they are able to combine different sources of publicly available data and provide an interface, either free or for a cost recovery charge, for different services based on data supplied by multiple providers.[36] As regards geo-mashups, APIs have facilitated third party online services by making the aggregation of different sets of information easier and have made the publication of overlays onto geo-browsers a relatively simple matter.[37] Because they are relatively easy to use, APIs have made application development more accessible and have enabled a wider community of Internet users to create, share and publish geographic information.[38] Internet users could now easily aggregate cartographic data with geo-tagged,[39] individual user knowledge, such as a photo of a certain place or an advert for a business.[40] For example, software engineer Paul Rademacher created HousingMaps.com[41], one of the first web mashups[42], in 2005, when he aggregated a list of San Francisco real estate properties for sale, from the Craigslist website, with Google Maps, using residential address information as the aggregation point for the map overlay.[43] In the same year, Scipionus.com[44] highlighted the potential social benefits of geo-mashups following the aftermath of Hurricanes’ Katrina, Rita and Wilma in New Orleans, Louisiana and Florida respectively. Scipionus.com produced an interactive map of the disasters, populated by Internet users on the ground, which provided helpful and important information to other Internet users and for government authorities involved in rescue and relief.[45] Internet users added notes to locations on Google Maps that enabled residents of affected areas to enquire, and receive information, about missing persons and about the status of their homes and communities.[46]
Whilst the use of APIs have enhanced the interoperability of different data sets, the other key factor in the growth of geo-mashups has been the greater availability of information in forms that can be readily used for geospatial aggregation purposes.[47] One of the key social effects of the previous decade has been the wider availability of geographic and statistical information, and more importantly, the greater willingness of organizations to share their data, either free, or for fees that enable and encourage innovation.[48] As highlighted above, Internet users have also been more willing to share their information with other users for geo-mashup purposes.[49]
User provided information for mapping purposes has been categorized as volunteered geographic information (VGI)[50] and is seen as part of the wider ambit of Neogeography[51] or GIS/2.[52] Technologies, such as Global Positioning Systems (GPS) and Radio Frequency Identification (RFID), in widespread consumer devices such as mobile phones, palmtops, satellite navigation systems and digital cameras has made the proliferation of VGI possible. It is now possible for an Internet user to plot their destination in line with the use of their consumer goods.[53] For example, digital cameras or mobile phones with inbuilt GPS can automatically provide a latitude and longitude reading for any photograph taken on the device. Not only has this enhanced a user’s ability to record a wealth of new geographically related information, but it has also had the effect of making human beings geographical sensors.[54] For example, geo-mashups now exist for cyclists to share information about cycle routes,[55] for runners to plan details of running routes[56] and for anglers to reveal the sites of secret fishing holes.[57]
These geo-mashups are defined as location oriented geo-mashups because they allow users to provide or upload information relating to a specific geographical location. Other geo-mashups that fall within this category include Wikimapia.com[58] that provides a vetted service where users can provide descriptions of places of interest along with geographic coordinates, as long as the comments meet specified criteria[59] and Flickr[60] the photography-publishing website that allows users to geotag uploaded photos to a specific location. Furthermore, Platial.com, [61] is a social networking site where users can provide comments or maps related to geographic points or their experiences around specific geographic points and Placeopedia.com[62] overlays information published on Wikipedia over a geographic location. Finally, Openstreetmap[63] is an open access street map of the world in which users populate information about specific locations.
Another type is function-oriented geo-mashups. These geo-mashups overlay information with a mapping interface to provide a geographical context related to a specific publication purpose. For example, the London Profiler[64] geo-mashup provides a range of statistical and public data on London boroughs and Who Is Sick[65] provides user generated information about illnesses contracted by individuals in geographical areas. Furthermore, the Tunisian Prison Map[66] geo-mashup provides the location of prisons in Tunisia and details human rights violations of prisoners held within those prisons and Topobiographies of the Catalan Exile[67] tracks exiles who fled from Spain during the Spanish Civil War. The One Big Thing[68] geo-mashup provides information on the US Federal Government’s stimulation package spending and Antenna Search[69] provides the location of mobile phone antenna masts anywhere in the USA. Finally, the Hospital Rankings[70] geo-mashup provides quality assurance information of US hospitals based on type of illness.
The author contends that function oriented geo-mashups can particularly give rise to privacy concerns because of how they use both personal and non-personal information with a residential address, as shown in the next part of the article.
A small number of geo-mashups have created, or have the potential to create, privacy concerns that involve the unauthorized use of personal information, the inadvertent disclosure of personal information and invasion of privacy issues. Geo-mashups that give rise to privacy issues are labeled privacy invasive geo-mashups because they able to intrude into an individual’s privacy.[71] The definition of a privacy invasive geo-mashup is intentionally broad to transcend privacy issues based solely on personal information use. The author agrees with Solove that a conception of privacy based purely on control over information only partially captures the problems that arise from increased use of personal information[72]. For the sake of completeness, privacy protection is defined as the “process of finding appropriate balances between privacy and multiple competing interests”.[73] That said, however, as this article is an introduction to the concept of privacy invasive geo-mashups and the limits of first generation information privacy laws, the author concentrates mostly on issues that arise from the use and re-use of personal information.
It is also important to concede that the small number of privacy invasive geo-mashups detailed is a minuscule fraction of the total number of geo-mashups currently published on the Internet. Whilst the examples may not be representative of the total geo-mashup population, they nonetheless provide clear indications of the types of problems that can emerge and emphasize the capacity privacy invasive geo-mashups have to affect a large number of individuals, [74] as evidenced by the first example.
In this sub-section, two geo-mashup examples are used to demonstrate concerns involving the unauthorized publication of personal information. The first gave rise to actual privacy problems whereas the second could have caused privacy concerns if published. The first example entails the membership list of the British National Party and gives rise to serious privacy concerns as identified later parts of this article.
The British National Party[75] (BNP) is a nationalist political party based in the United Kingdom.[76] The BNP contends that it is a legitimate democratic organization despite its historical background, which has links to racially related and politically motivated violence and involvement with far-right paramilitary groups, both in the UK and overseas.[77] Despite attempts at political legitimization, BNP policies remain fervently right wing.[78] Rank-and-file membership of the BNP is therefore a sensitive issue especially as some professions preclude membership of the party[79].
On November 18 2008, a disgruntled former BNP employee published the 12,000 plus party membership list on the Internet.[80] Previously, five individuals acquired the membership list without authorization in April 2008. The BNP obtained an injunction against them, which prohibited the publication of the list and ordered the destruction of any copies.[81] The membership list was nonetheless disseminated in November and published details included names, addresses, telephone numbers, email addresses and in some cases, employment details. The list also included the names and ages of children who have become members of the party after a parent had taken out a family membership, and several people who have joined the party at the age of 16.[82] Moreover, the BNP admitted that the list was outdated as it included the names of persons who had never been party members.[83] Dyfed Powys Police arrested and charged two persons with criminal offences under the Data Protection Act 1998, in a joint investigation with the Information Commissioner’s Office, regarding the publication of the list.[84]
Wikileaks,[85] a website that publishes anonymous submissions of sensitive corporate or government material[86] published the membership list on the Internet. Different organizations and individuals, used bit torrent and social networking websites,[87] to copy and disseminate the list further. More importantly, in terms of this article, both media organizations and individuals used the membership list to create geo-mashups based on its content. For example, the Times provided an overlay of the BNP membership list on Google Maps to highlight postcode areas where BNP membership was at its highest.[88] Bubbles represented different postcode districts and different colored bubbles represented the density of BNP members in the postcode district.[89] The Guardian produced a similar geo-mashup showing the population density of BNP members by political constituency rather than postcode.[90]
Individual Internet users also created BNP geo-mashups. For instance, the “BNP Near Me” geo-mashup[91] initially used single red pinpoints to represent the location of BNP members by postcode. However, unlike the Times geo-mashup, the use of the red pinpoints gave a misleading impression as they inadvertently singled out an individual residential property on Google Maps even though the pinpoint represented a postcode district. The creator of the “BNP Near Me” subsequently altered the geo-mashup after he received voluble criticism about the apparent misrepresentation of postcode information.[92] Red heat spots, replaced the pinpoints, and provided a representation of postcode area without highlighting an individual property. Another BNP membership list geo-mashup is the “BNP Member Proximity Search”.[93] An Internet user is required to enter a postcode into a search field and another webpage details those BNP members who reside within a two-mile radius of the entered postcode. Unlike the other BNP membership geo-mashups, the Proximity Search geo-mashup provides both postcode and name of BNP members. Additionally, another webpage, linked to the hyperlinked postcode, directs a user to Google Maps, which pinpoints a specific residential property.
The unauthorized release of the BNP membership list has had some serious consequences. Some BNP members have had their employment terminated[94] or have received death threats[95] and in one instance, a car belonging to the neighbor of a BNP member was mistakenly petrol bombed.[96]
In January 2006, Tom Owad published an article on the Applefritter website about governmental use of data mining techniques.[97] Owad highlighted that large amounts of information can be easily data mined using readily available, home computer equipment. The purpose of his research was to highlight how much data mining the US Government could undertake with its much larger computing capabilities and information accessing powers. For instance, section 215 of the Patriot Act,[98] allows the Federal Bureau of Investigations (FBI) to obtain a court order, without probable cause, from the Foreign Intelligence Surveillance Act Court regarding the production of "any tangible things (including books, record, papers, documents, and other items) for an authorized investigation to protect against terrorism or clandestine intelligence activities".[99] The legislation defines "any tangible thing" to include books withdrawn from a library.[100] In keeping with the nature and content of the Patriot Act, Owad conducted his experiment on wish lists created on the book-selling website Amazon.com.[101] Users can create an Amazon wish list as a guide for potential, future gift ideas[102] and by default, Amazon makes the wish lists public to anyone who conducts a search by name.[103]
It is also possible to send an item direct to the wish list creator if he or she has entered a shipping address. However, the downloadable wish lists only include city and state information and the full shipping address remains private.[104] Due to Amazon’s popularity, a vast number of wish lists exist, and whilst it is not possible to search for a particular person in an index, it is possible to conduct a search by a particular forename, such as “Mark”. Owad retrieved over 120,000 wish lists by using this type of search.[105] Owad then conducted a search on an unspecified, yet common, forename and downloaded 260,000 wish lists of US citizens. Owad selected some potentially subversive books and searched the wish list data to see who had chosen them.
The retrieved wish lists included forename but not street address. Owad was able to cross-reference the wish list names with Yahoo People Search[106] to obtain an address and telephone number of those people listed.[107] Owad then created a geo-mashup by overlaying the wish list information, with street addresses retrieved from Yahoo People Search over Google Maps. However, whilst the option was technically available to match an individual wish list entry by address to a specific satellite image of a home on Google Maps, Owad decided against this on the basis that it would be extreme and potentially lead to an invasion of an individual’s privacy.[108] Instead, Owad used city names and states as the basis for geographical aggregation. The Amazon subversive book geo-mashup nonetheless shows the issues that can arise from the unauthorized aggregation of information with a residential address.
The following sub-section examines two geo-mashup examples featuring the inadvertent disclosure of personal or sensitive information. The first involves the publication of crime statistics and the use of Google Streetview and the second entails the use of Google’s My Maps function to create and publish user generated geo-mashups.
One of the first geo-mashup incarnations was the Chicago Crime Maps website[109], which overlaid crime statistics and information from the Chicago Police Department over Google Maps. The resultant geo-mashup was seen as “a profoundly civic-minded utility: a light GIS built by a single citizen that takes one base map and a freely available store of data and makes meaning of the two in ways that can easily reach members of that community”.[110]
The success of Chicago Crime Maps spawned a number of different crime related geo-mashups by law enforcement authorities and by individuals. For example, the Los Angeles Police Department offers a crime map that provides up to date information on crimes in the city.[111] On a wider scale, Crime Reports[112] works with 468 different law enforcement agencies that provide the website with details of latest crimes. Crime Reports then geo-code the crime data and send email alerts to users who have requested updated information from a specific agency. Crime Reports then overlays crime data on a Google Map and pinpoints to a specific location.[113] However, Crime Reports protects the privacy of crime victims by ensuring that
Law enforcement agencies remove victim identification as part of the data publishing process. In addition, we help protect victim identities by converting the exact street addresses to the "block level". For example, the address "1486 Lincoln Avenue" would be mapped and displayed as "1400 block of Lincoln Avenue".[114]
The Metropolitan Police’s crime map of London also highlights the sensitivity inherent in the wider reporting of crime statistics.[115] Unlike their US counterparts, the Metropolitan Police will only release information of crimes at a borough or ward level rather than an individual street or location. Media organizations have also provided similar geo-mashups[116]. The LA Times Homicide Map[117] details every homicide in Los Angeles County. An Internet user can view murders committed in a particular location or can click on the name of a murder victim and a Google Map pinpoints the location of the crime. An Internet user can then click on the pinpoint tag for the crime, which is hyperlinked to the LA Times Blog, The Homicide Report for more details and user comments.[118] However, whilst Google Maps tags the pinpoint to a specific property, it is unclear whether this is the actual address of the crime or whether it is representative of a wider aggregation source, such as zip code.
Spotcrime[119] is similar in concept to the geo-mashups highlighted above. Like Crime Reports, the geo-mashup uses crime statistics but it also has an option for Internet users to provide details of certain crimes.[120] These crimes are searchable on the SpotCrime website along with user-supplied information. Spotcrime acknowledges the sensitivity in the reporting of crimes by partially redacting address information.[121] An Internet user can click on a reported crime to open a new webpage, which supplies a zoomed in version of the geo-mashup that provides basic crime details, such as the type of crime, the case number and the partially redacted address. The webpage also activates Google Streetview[122] and it provides a ground level photo image of the geo-tagged residential property.
The use of Google Streetview can give rise to privacy concerns relating to sensitive crimes, particularly rape. A user cannot search for rape related crimes on SpotCrime because it is not one of the searchable categories. It is unclear whether SpotCrime intends to report rape crimes because they are not categorized by their own searchable group. However, the author discovered one report of a rape crime in the Los Angeles area, which was classified as an ‘assault’ in SpotCrime, in which the street address was redacted but the street number was clearly visible on Google Streetview,[123] thus making the redaction of street address redundant. The residential property highlighted by Google Streetview is a small apartment block that appears to have a limited number of apartments, which could make it easier to identify the victim.
In November 2008, 37 schools in Japan inadvertently disclosed the personal information of 980 school students on Google Maps.[124] In Japan, it is customary for teachers to visit the homes of pupils who are about to start a new school. Several teachers of primary and secondary school pupils used the My Maps[125] feature on Google Maps to ascertain directions and to record certain information about the pupils, such as name and telephone numbers. The teachers’ tagged residential addresses with information provided by the pupil and used My Maps as a convenient tool to find the quickest route from one pupil's house to another. A vice principal of one of the schools in the affected areas was quoted as follows
“For teachers unfamiliar with local geography, it can be a hard job tracking down each student’s home on foot. So Google Maps is a convenient tool for finding houses and creating lists of locations just by inputting the relevant addresses”.[126]
The teachers believed that the maps created for the home visits were only accessible by themselves but in fact, the maps, and the pupil’s information, were accessible to the public. The My Maps default setting is to set to make information available to the public unless the map creator says otherwise.[127] Once the teachers realized their mistake, they tried to delete the pupils’ information but found that they were unable to do so. The teachers’ tried several times to delete the customized maps but to no avail. Google stores My Maps information on two or more different servers and deletion problems occurred because a data record remained on one server even if a user has deleted it from another.[128] Companies and hospitals in Japan have also encountered similar issues using My Maps. Sega the Tokyo-based video game maker, discovered personal information from 115 job applications was accessible to the public and a Nagoya hospital revealed the names, and personal information of patients receiving artificial dialysis.[129]
The last example involves the more general notion of invasions of individual privacy, which is defined as the wrongful intrusion by individuals into private affairs with which the public has no concern.[130] Two examples below highlight general concerns of invasions of privacy.[131]
In 2006, the media gossip website, Gawker[132] launched a Google Maps based geo-mashup called Gawker Stalker.[133] Internet users pinpoint and record the location of celebrity sightings in either New York or Los Angeles.[134] Gawker aims to update a celebrity sighting within fifteen minutes of receiving it.[135] A person can text or email Gawker and provide them with details of the celebrity sighting, such as location, time, date and other information such as how the celebrity looked and who they were with at the time of the sighting. The user provided information is then aggregated with Google Maps. An Internet user can click on a hotspot listed on the Gawker geo-mashup to view the latest celebrity listings or click on a particular celebrity to view all of the sightings provided by Gawker contributors.
Not surprisingly, Gawker Stalker has been subject to some criticism regarding the privacy and the safety of those celebrities sighted. Dominic Knight, a journalist of the Sydney Morning Herald [newspaper in Australia], stated in his news blog
In particular, it [Gawker Stalker] seems like a fantastic way to put mentally ill people in touch with the famous people they want to stab. One of the sightings on there at the moment is Christian Slater coming out of the Dakota – the same building John Lennon lived in when he was shot by a crazy fan.[136]
Jeff McIntyre a reporter for the Canadian Broadcasting Corporation also writes
The immediate media response has been loud and contagious, with publicists and celebrities expressing shock and disdain. Not only do the pinpointed map coordinates constitute a new invasion of privacy, they insist, but Gawker Stalker is potentially fomenting a DIY paparazzi movement.[137]
As presaged in the McIntyre article, celebrities themselves have responded with some angst at the prospect of having their whereabouts tracked. Stan Rosenfield, who represents the interests of George Clooney, amongst others, has highlighted issues regarding the provision of information about individuals
It's [Gawker Stalker] conceptually bad because it provides information to people that they don't need to have," he says. "There's a reasonable expectation of privacy that anyone has — you, me or someone who makes $200 billion. This is why people have unlisted phone numbers.[138]
The geo-mashup tracking phenomenon does not just involve high profile celebrities as it has also involved “urban eccentrics”.[139] For example, FindHeMan[140] allows Internet users to tracks the whereabouts of a well-known Manhattan resident “who bears a distinct resemblance to the comic book hero”, He Man.[141] Users are asked to email the FindHeMan website with updates of latest sightings[142]. Once received, the geo-mashup aggregates the latest observation onto a Platial map showing the location sighting of ‘He-Man’.[143] Spiegel also reports about a site called the Seattle Notables, which is similar to FindHeMan, allows users to track the whereabouts of readily identifiable, local individuals.[144]
In a slightly different vein to tracking the activities of celebrities or well-known local persons, the Celebrity Maps[145] geo-mashup shows Internet users where well known celebrities reside. The geo-mashup overlays residential address information on top of a Google Map to pinpoint the homes of celebrities.[146] Internet users enter a surname in the search field and the geo-mashup returns a list of celebrities with that surname. A user then clicks on a particular celebrity and the geo-mashup aggregates the name of the celebrity, along with the celebrity’s residential address, over the corresponding geographical point on Google Maps.
Privacy concerns arise in privacy invasive geo-mashups involve the interlinking of personal information misuse and invasions of individual privacy. Regarding the latter, geo-mashups such as Gawker Stalker clearly cause concern. Putting aside, the legal and policy sentiments regarding the privacy of celebrities, it does not take a major stretch of imagination to see how a similar tracking geo-mashup could be developed as a means to bully an ordinary individual by constant tracking and surveillance[147] or to marginalize further, already marginalized communities[148].
The issues involving personal information misuse are equally complex. The Japanese My Maps geo-mashup showed how easy it is to publish personal information inadvertently on geo-mashups. It also demonstrates the complex issues involved in the removal of information after publication. Those problems were also borne out by the BNP geo-mashup. The common concern that all the geo-mashups share, albeit Gawker Stalker to a lesser extent, is the aggregation of information, particularly personal information, with a residential address, that can lead to the identity of an individual, based on the information provided and the address location. Addresses are therefore an important aspect of the regulation of privacy in geo-mashups.
However, is an address itself personal information and therefore subject to privacy laws? The recent Australian Law Reform Commission (ALRC) review of privacy[149] analyzed the complexities that emerge when trying to define an address as personal information
3.139 In the ALRC’s view, information that simply allows an individual to be contacted—such as a phone number, a street address or an IP address—in isolation, would not fall within the proposed definition of ‘personal information’. The Privacy Act is not intended to implement an unqualified ‘right to be let alone’. Contact information may become ‘personal information’ in certain contexts, for example, once a mobile number is linked to a particular individual or the number can reasonably be linked to a particular individual. If an agency or organization can reasonably ascertain the identities of direct mail recipients by linking data in the address database with particular names in the same or another database, that information is ‘personal information’ and should be treated as such.
3.140 As information accretes around a point of contact such as a telephone number, an address, an email address or an IP address, it will become possible to link that information to a particular individual, to contact or affect that individual or to target the individual, for example, with advertising material. Once this occurs, that information becomes ‘personal information’ for the purposes of the Privacy Act.[150]
The ALRC state where an individual’s address presents with other information, which relates to that individual, then the likelihood that an individual’s identity can be reasonably ascertained increases, especially if that individual can then be contacted. Thus, the character of the information set as a whole tilts toward ‘personal information’. From an information privacy[151] perspective, addresses can act as an identifier to link different data sets together. Linking datasets increases the likelihood that the identity of the subject is ascertainable from the set as a whole. The status of information as ‘personal information’ therefore has an important element of context, i.e., the context and inter-relationship of each of the available information components and the extent to which they collectively make identification possible.
In terms of geo-mashups and identification, it is important to look beyond the limited notion of identity as the ability to name, and thus identify an individual. Instead, it is more appropriate to refer to a wider societal identity of a person as a constituent of the various wanted and unwanted meta-societies we live in, such as a member of the BNP, a reader of ‘subversive’ books or a rape victim. Residential addresses provide access to ourselves by the ability to link the sensitive constituent meta-societies we reside in, to our identity, which can then be made available to a wider audience, outside the parameters of the meta-societies[152].
This brief discussion of the status of addresses highlights the limits of statutory privacy protection founded solely on the concept of information privacy and the overt focus on the collection and use of personal information. As highlighted in the next part, privacy invasive geo-mashups challenge the effectiveness of fair and lawful regulation of personal information exchange, based on the notion of fair information principles or practices. The next part of the article will draw on Zittrain’s Privacy 2.0 as a framework to highlight the difficulties that first generation privacy laws have regarding the regulation of privacy in Web 2.0 and with geo-mashups in particular.
In his 2008 article, Privacy 2.0, Zittrain contends that the unique issues raised by the generative web require new privacy solutions because first generation information privacy laws are fast becoming defunct against the issues arising from generativity[153]. Information privacy laws are concerned with regulating the relationship between individuals and powerful organizations about the provision and use of personal information. In new online structures, individuals, as well as organizations, collect and use personal information. Building on Zittrain’s work, this part of the article will outline the foundations and legal principles of first generation information privacy laws before detailing Zittrain’s criticism of first generation laws.
Zittrain highlights the rise of privacy concerns in the 1970’s generated by the advent of new computing technologies that enabled organizations to automate the collection of personal and non-personal information from individuals. Three key reports and international instruments, from the early 1970’s, through to the early 1980’s, were instrumental in the development of first generation information privacy laws and thus addressed rising societal, governmental and institutional concern.[154]
In 1973, the US Department of Health, Education and Welfare produced a report entitled Records, Computers and the Rights of Citizens (the HEW Report). The Hew Report’s central apprehension was the relationship between individuals and recordkeeping organizations in relation to the “growing concern about the harmful consequences that may result from uncontrolled application of computer and telecommunications technology to the collection, storage, and use of data about individual citizens”.[155] The Report attempted to find a balance between the organizational benefits arising from the enhanced efficiencies of automated personal data processing and the potential infringement of personal liberties from impersonal data collection.[156] The balance was achievable through the concept of mutuality and by providing a degree of individual control over the collection of, access to, and disclosure of, an individual’s personal information.
An individual's personal privacy is directly affected by the kind of disclosure and use made of identifiable information about him in a record. A record containing information about an individual in identifiable form must, therefore, be governed by procedures that afford the individual a right to participate in deciding what the content of the record will be, and what disclosure and use will be made of the identifiable information in it. Any recording, disclosure, and use of identifiable personal information not governed by such procedures must be proscribed as an unfair information practice unless such recording, disclosure or use is specifically authorized by law.[157]
The Report concluded that existing laws provided inadequate protection of individual privacy against potential record-keeping abuses and recommended the establishment of a Federal “Code of Fair Information Practice” for all automated data systems.[158] The HEW Report’s recommendations led to the enactment of the Privacy Act 1974 (US)[159] which established the recommended Code of Fair Information Practice for Federal Government agencies.[160] These five core principles of fair information practice are the:
1. Notice/Awareness principle requires organizations to give an individual clear notice about information practices before personal information is collected;
2. Choice/Consent principle provides an individual the opportunity to consent to secondary uses of their information;
3. Access/Participation principle ensures that an individual is able to access data about themselves to ensure that data is accurate and complete;
4. Integrity/Security principle obliges an organization that collects personal data to take reasonable steps to ensure that the data is accurate and is held in a secure environment; and
5. Enforcement/Redress principle provides an individual with the means to enforce a breach of the principles.
During the same period, the Council of Ministers of the Council of Europe adopted two resolutions that concerned the protection of individual privacy arising from personal information held in private and public sector databases.[161] The resolutions were the instigator of a more substantial legal instrument to ensure adequate individual protections whilst enhancing the free trade of member countries.[162] In 1981, the Council of Europe formally adopted the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data[163] that extended the ambit of the previous Council Resolutions. The Convention was intended as a catalyst to encourage and guide state legislative initiatives rather than to provide a readily implementable set of data protection rules and regulations,[164] as exemplified by the generality of the Convention’s principles, namely, that personal information is to be
1. Collected and processed in a fairly and lawful manner;
2. Only stored for specified purposes;
3. Only used in ways that are compatible with those specified at the point of data collection;
4. Adequate, relevant and not excessive in relation to the purpose of data collection;
5. Accurate and where necessary kept up-to-date;
6. Preserved in identifiable form for no longer than is necessary
7. Kept adequately secure; and
8. Accessible by individuals who have rights of rectification and erasure.[165]
Fourteen years later the European Community adopted the Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data[166] to create an EU wide regime that sets governance rules for member states to follow.[167]
The Organization for Economic Cooperation and Development’s (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data[168] crystallized transnational improvements in 1980. The OECD recognized that the 1970’s were an intensive period of legislative investigation and activity about the protection of privacy with respect to the collection and use of personal information. Member countries of the OECD had a common interest in the protection of individual privacy and in the reconciliation of fundamental and competing values involved in automatic data processing and transborder flows of personal information.[169]
For this reason, OECD Member countries considered it necessary to develop Guidelines, which would help to harmonize national privacy legislation and, while upholding such human rights, would at the same time prevent interruptions in international flows of data. They represent a consensus on basic principles that can be built into existing national legislation, or serve as a basis for legislation in those countries which do not yet have it.[170]
As with the HEW Report, and the Council of Europe Convention, the OECD Guidelines were concerned with the maintenance of balance. On this occasion, the balance was between the harmonization of different legislation to protect privacy and to preserve the integrity of transborder flows of personal information. The Guidelines were therefore an attempt to reduce the restrictions that inhibited the transfer of personal information and to strengthen the free information flow between member countries.[171] The OECD considered that this balance was achievable because
[I]t is possible to identify certain basic interests or values which are commonly considered to be elementary components of the area of protection...
Generally speaking, statutes to protect privacy and individual liberties in relation to personal data attempt to cover the successive stages of the cycle beginning with the initial collection of data and ending with erasure or similar measures, and to ensure to the greatest possible extent individual awareness, participation and control.[172]
The Guidelines provided 8 core principles of data collection, storage and use for application by member countries, namely the:
1. Collection limitation principle which guarantees that the collection of personal data is within lawful and fair means, and where appropriate is conducted with the knowledge and consent of the individual;
2. Data quality principle which requires data collectors to collect personal data for relevant purposes only and to ensure that collected data is accurate, complete and up to date;
3. Purpose specification principle which states that the purpose for which personal data is to be used must be stated at the time of collection and subsequent use must be limited to that purpose, unless individuals are notified of additional uses before that re-use takes place;
4. Use limitation principle which states that personal data should only be disclosed or used in accordance with the consent of the individual or by authority of law;
5. Security safeguard principle which requires that personal data must be kept in reasonably secure conditions;
6. Openness principle which states that organizations should implement a general policy of openness about data collection developments, practices and policies;
7. Individual participation principle which confirms that an individual should retain certain rights over the collection, storage and use of their information; and
8. Accountability principle, which confirms that a data collecting organization, should be accountable for complying with the above principles.
The HEW Report, the Council of Europe Convention and the OECD Guidelines have been at the forefront of the development of first generation information privacy laws. There are obvious similarities between the three documents that first generation information privacy laws reflect.[173] The HEW Report was directly responsible for the instigation of the Privacy Act 1974 and the Convention eventually founded the European Union’s Data Protection Directive. Furthermore, the OECD Guidelines have had a significant impact as a foundation for national legislation[174], including Australia[175] and Canada[176]. All of these laws have organizational oriented controls founded on the privacy principles or fair information practices developed in the previous decade[177].
Bygrave[178] has adduced eight core legal principles that reflect the fundamental aims of first generation information privacy laws.[179] The primary principle is that personal information is to be “processed fairly and lawfully” and this concept manifests throughout the remaining principles.[180] The lawful element is apparent, that organizational personal information collection practices must be within existing law, but the fairness criterion is more abstract in nature, particularly because general agreement about what is fair will change over the course of time.[181] In general, the notion of fairness requires data collectors to take account of the interests and expectations of individuals who provide personal information to them.[182] Personal data collection organizations are therefore obliged not to pressure individuals when they provide their personal information and to ensure an individual consents to the provision.[183]
The minimality principle directs data collecting organizations to ensure that the collection of personal information is “limited to what is necessary to achieve the purpose(s) for which the data are gathered and further processed”.[184] Under this principle, organizations are required to collect personal information only for a relevant purpose.[185] Linked to minimality, the purpose specification principle dictates that personal information is only collected for specified, lawful or legitimate purposes and can only be used within these bounds.[186] Bygrave states that the principle is essentially a cluster of three related sub-principles, namely that the data collection purpose is: (1) specified; (2) lawful and/or legitimate and (3) that further personal data processing is compatible with the data collection purpose.[187]
The information quality principle ensures that personal information is accurate, both in terms of its content and context, and with regard to the purpose of information collection and processing.[188] The principle ensures that personal data is valid because it describes unambiguously what it pertains to and it is relevant and complete with respect to the purposes of intended processing and use.[189] Information quality requires the participation of individuals to ensure that information held is up to date. Accordingly, the individual participation and control principle and is pivotal because it ensures that persons have a measure of influence over the processing of their personal information by organizations and individuals.[190] However, most first generation information privacy laws do not refer to the principle directly. Instead, legislation implicitly acknowledges the principle in legal rules that govern the collection, storage and use of personal information in accordance with individual knowledge and consent.[191] Likewise, first generation laws rarely state the disclosure limitations principle directly but it implicitly requires data collecting organizations to restrict the disclosure of personal information within the confines of how data is collected, and within the consent provided by individuals or by the authority of a given law.[192] The two remaining principles, information security[193] and sensitivity[194] protect the integrity of personal information through the provision of adequate methods of security, particularly regarding sensitive information, which may require controls that are more stringent.
The historical development of first generation information privacy laws highlights that the collection, storage and use of personal information by data collecting organizations was the dominant concern of lawmakers and solutions to emergent problems lay in the construction of information privacy principles or fair information practices.[195] Such regulation was possible because the social modes of personal information provision, process and use were predictable, stable and relatively static.[196] Public and private sector organizations were the main collectors of personal information for clearly defined purposes.[197] As such, the imposition of fairness upon the procedures of personal information collection and use was possible because those procedures were identifiable and therefore manageable. Information privacy regulation was able to find a balance, or a compromise, between the societal concerns of individuals that provided their personal information and the organizations that required personal information to fulfill their business or statutory purpose. However, Web 2.0 has distorted the balance because new information relationships require new forms of privacy regulation as outlined in Zittrain’s Privacy 2.0.
Zittrain has two principal criticisms about the ineffectiveness of first generation information privacy laws in newly, evolving Internet structures. The first regards the new information exchange relationships that emerge from Web 2.0 which are more complex than the traditional personal data collection pathways of the previous decades. The second contends that individual, as well as organizational actions, can now give rise to an equal number of privacy concerns. New technological developments and social structures mean that individuals now have the same capacity to infringe the privacy of individuals as organizations once did.[198]
Zittrain argues the privacy problems that arise from Web 2.0 related technologies and cultures require new solutions because existing laws only provide remedies for older ideas of privacy predicated on the concept of information privacy. Such laws safeguard an individual’s privacy by providing protections relating to the collection, storage and use of personal information along well-established data provision pathways. These laws thus recognize that there is a degree of social sensitivity attached to the production of personal information and that organizational activities relating to personal information should be restricted to legally mandated, legitimate means.[199]
Legal remedies designed in the 1970’s and 1980’s, may therefore provide ineffective and rigid solutions to personal information exchange problems in Web 2.0. The first generation of information privacy laws focused on the regulation of three stakeholder groups involved in personal information provision. The three groups in question are of course, those individuals[200] who provide personal information,[201] personal data collecting organizations[202] and finally, a further set of organizations that use personal information previously collected, by their own or by different organizations, that has been disclosed to them.[203] Legal controls attempt to regulate the activities between individuals and organizations within two binary relationships: the first between the data provider and the data collector and the second between the data collection organization and the data re-user organizations. A chain of accountability links all three groups to ensure that personal information provided by individuals is collected and stored within certain legal boundaries.[204] Moreover, personal information provided by individuals is stored with legally requisite standards to ensure the accuracy and the security of the information.[205] Finally, future re-uses of provided personal information is circumscribed within specific confines, to ensure that the information collected can only be used for the purpose for which it was originally collected[206] or under a specified exemption to that purpose.[207]
However, first generation legal controls may now be ineffective because Web 2.0 enables multiple information contributions from a range of different and unconnected sources. As Zittrain states “The heart of the next generation privacy problem arises from the similar but uncoordinated actions of individuals that can be combined in new ways thanks to the generative Net”.[208] First generation laws envisage selected pathways of personal information provision and distribution. The move from binary to multiple pathways of personal information provision and use has been brought about and created a situation in which “the Net puts private individuals in a position to do more to compromise privacy than the government and commercial institutions traditionally targeted for scrutiny and regulation”.[209] As such, Web 2.0 now delivers many different pathways because individual Internet users are now the collectors, disseminators and re-users of personal information.
One of the key points of concern arising from Zittrain’s Privacy 2.0 therefore involves the governance of ever developing information pathways that enable the collection, storage and use of personal information from individuals, by other individuals.[210] The once clear cut boundaries have been blurred to the extent that Internet personal information users are no longer just organizations but are now inchoate collections of far flung individuals, who coalesce in different groups to use and share their own and other individual’s personal information.[211] These collectives are themselves “databases that are becoming as powerful as the ones large institutions populate and centrally define”.[212] Except the power to infringe personal privacy within these new data collectives is different to the fears of the 1970’s and 1980’s. The flows of personal information into and out of these collectives are multiple, diffuse, erratic and serve many different purposes of collection and subsequent re-use. Contrast that to the concerns of first generation laws in which monolithic organizations collected personal information for specific purposes, largely direct from the individuals themselves and who’s subsequent re-use of personal information was mostly predictable.[213]
Accordingly, the fundamental analytical template of first generation information privacy laws regarded “both the analysis and suggested solutions speak in terms of institutions gathering data, and of developing ways to pressure institutions to better respect their customers' and clients' privacy”.[214] This basic template has shaped the development of privacy legislation during the last three decades but has not effectively made the transition from “a functional theory to a successful regulatory practice”.[215] In fact, some commentators argue that business interests have skewed the balance sought from first generation laws.[216] However, the very notion of what a business organization is has itself changed, and continues to change, in new online structures. With that comes changes in business technologies and techniques, as can be seen with the very foundation of first generation concerns, the database, which is now almost in “constant beta” to the extent that “how a database is defined, changes from one moment to the next, both in terms of content, structure and scope”.[217]
First generation fears focused on powers arising from the centralization of personal information and nefarious uses by powerful organizations without the knowledge, input or consent of individuals. The first generation information privacy laws were an attempt to manage disputes arising between individuals and organizations about a contested social asset, an individual’s perceived right over of control over their personal information against an organization’s economic need to use that information. Contested issues were disputed within a scenario of clearly identifiable actors, accepted definitions of personal information and evident, yet limited, legal rights and obligations. Privacy 2.0 concerns, on the other hand, manifest through peer-to-peer technologies that eliminate points of control regarding the transfer of personal information.[218] Whilst the contested social asset remains personal information, the contests that are now developing in Web 2.0 are not about the fair or unfair processes of organizational personal information collection, but rather, they are about the socially acceptable re-uses of personal information by individuals in multiple, generative guises. Therefore, unlike their predecessors, Privacy 2.0 contested issues do not involve disputes between individuals and organizations in clear-cut, readily identifiable scenarios founded on stable and largely, one dimensional, information pathways. Instead, disputes arise within webs of diverse, individual Internet users within which numerous problems arise in unimagined scenarios. The next part of the article examines the BNP geo-mashup situation to show the change from binary to multiple information relationships and the increasing involvement of individuals as potential infringers of individual privacy.
In the BNP geo-mashup, we see a situation that highlights the limits of first generation information privacy laws when faced with a privacy invasive geo-mashup. As suggested by Zittrain, the key reason is the informal personal information dissemination pathways that were developed post the publication of the membership list that effectively eliminated any vestiges of control that BNP members may have thought they had over their personal information. While some forms of first generation legal redress are still available to individual BNP members, via obligations imposed on the BNP as a data collector, there is little or no redress or remedy available against the geo-mashup creators or the geo-mashup technological facilitators, Wikileaks and Google Maps.
The original act of personal information provision took place when an individual joined the BNP. In doing so, he or she provided the party with their personal information and that provision and collection of personal information was covered by the relevant privacy legislation, in this case the Data Protection Act 1998[219]. The minimality and purpose specification principles’ govern the act of personal information provision between the individual and the collecting organizations and thus creates an information exchange relationship between them. These principles ensure that the BNP collects and processes personal information in a fair and reasonable manner. Furthermore, the information quality, individual control and participation principles, obliges the BNP to ensure that any collected personal membership information, is kept accurate by reference to the individual who has provided that information. In so doing, an individual BNP member is able to ascertain from the BNP what personal information the BNP holds so that he or she can check the accuracy of that information, at any given time. Moreover, the information security and sensitivity principles mandate the BNP to keep personal information supplied by its members in a secure environment.
In the BNP example, the BNP conclusively failed to secure the personal information of its members because a disgruntled employee was able to gain unauthorized access to the BNP membership list. Furthermore, once the disgruntled employee gained access to the list, he or she was then able to copy it and to take it outside of the control of the BNP. At this point, first generation information privacy laws, founded on the core principles highlighted above, would continue to operate relatively effectively. The principles, and their concomitant laws, could not have stopped the willful unauthorized access by the disgruntled employee but the laws would provide some sort of recourse for those individuals who provided information to the BNP under a breach of the information security principle.[220] The primary reason for the effectiveness of the laws is a clear and unambiguous binary relationship between the individual BNP member and the BNP, as a data collector.
However, the binary relationship between the data collector and the data re-user fails to manifest under first generation laws because of the unauthorized breach by the disgruntled employee. The disclosure limitation principle that is central to the relationship between the BNP, and subsequent information re-users, fails to materialize in the absence of a binary relationship. BNP members therefore have little or no recourse against the BNP or subsequent information re-users under first generation laws. Nevertheless, there were a number of information re-users in the BNP example because Wikileaks, various geo-mashup creators and bit torrent websites re-used the personal information of BNP members in a number of different ways.
Accordingly, there is an absence of one of the key links in the chain of accountability. The information re-users have no link with the data collection organization, the BNP, but more importantly, they have no link with the data provider, individual BNP members. Putting aside the misuse of personal information by the disgruntled BNP employee,[221] the first re-use took place when Wikileaks published the BNP membership list on their website. The second re-use then saw various individuals copying the membership list and placing it on bit torrent websites for the purpose of wider distribution. News of the story then broke on various blogs. The third reuse of the BNP membership list arose when media outlets and individuals, aggregated the BNP membership list with Google Maps to create the geo-mashups highlighted above.
The original misuse of personal information by the disgruntled BNP employee infringed the privacy of BNP members through unauthorized access to their information and subsequent disclosure. However, it is the use of the BNP membership list, as a foundation stone for geo-mashups, which brings the situation to the fore and exacerbates the privacy infringements of BNP members, particularly in the case of the BNP Proximity Search geo-mashup.[222] Yet there is little or no recourse against Wikileaks, the creator of the geo-mashup or the facilitator of the geo-mashup, Google, under first generation information privacy laws because of the absence of a binary relationship between the information collector and the information re-user, even though issues arise under the information quality principle. For example, it is unclear whether The BNP Proximity Search geo-mashup aggregated the BNP list by postcode or by house number and street address. The residential properties pinpointed on Google Maps could either be (a) the address of a BNP member or (b) an out of date address for a BNP member or (c) the address of an individual who has nothing to do with the BNP but has the misfortune of having his/her house automatically tagged with a certain postcode by Google Maps.[223] All scenarios are feasible given the problems that arose from the BNP Near Me geo-mashup and the fact that the BNP admitted that the membership list was out of date.
The BNP Proximity Search raises specific privacy concerns regarding the use of sensitive and personal information, in the form of political party membership, names and addresses. The geo-mashup identifies members of the BNP by name and address. However, it is the aggregation and overlay on to Google Maps that causes greater concerns, particularly in combination with Google Streetview, because the geo-mashup enables any person to identify the location of a BNP member at a particular house.[224] It is also astonishing to think that, at the time of writing, the BNP Proximity Search, is still online and is still identifiable through Internet search engines.[225]
Referring back to Zittrain’s work, the BNP example shows the limits of information privacy laws based on first generation principles because of the difficulties faced in applying founding maxims to generative systems of distributed personal information[226]. The definitional founding blocks of first generation regulation – personal information, records, databases, data subjects, collectors and users – are becoming so diffuse that the core concepts of first generation laws are themselves changing from one moment to the next. To the extent that the concept of privacy regulation, like Web 2.0 technologies and structures, is now entering a period of constant beta, where the developments of the online world are far outpacing the decades old laws that are currently being used to regulate it[227]. This raises serious questions about the ability of privacy laws predicated on the concept of technological neutrality[228] and their ability to keep pace with developments in Web 2.0, 3.0 and beyond.
If the intention of first generation laws is to regulate the relationship between individuals and powerful, monolithic organizations, how then should Privacy 2.0 attempt to govern disparate collectives of information collecting individuals and individuals themselves? Zittrain contends that levels of privacy responsive regulation has to be lower for individuals than for organizations otherwise the burden of compliance becomes so great that it effectively restricts taken-for-granted Internet activities.[229] Abundant over regulation of individuals from an overtly complex privacy regime is dangerous because it has the capacity to frustrate the “generative developments” of individual users.[230] This part explores this idea in further depth to suggest embedded technical and social standards as potential solutions to mitigate the negative consequences of privacy invasive geo-mashups.
Zittrain uses Creative Commons licenses as a potential template for privacy related code backed norms. He argues that Creative Commons licensing has become popular on the Internet because they provide a collective signal to share information within agreed social boundaries. It is not the threat of legal sanctions that gives Creative Commons licenses weight, but rather, it is the capacity to “touch into a cultural mindshare of web users”.[231] Creative Commons licenses reside in the realm of intellectual property and a number of journal articles have already examined the copyright issues that arise from mashups and Web 2.0.[232] Whilst many of the same issues of information usage appear to be similar, the purpose and use of intellectual property and privacy regulation are so different that they do not offer grounds for clinical comparison[233]. However, Zittrain considers the use of Creative Commons licenses in a broad sense, not as a way to enforce rights over the protection of personal information per se, but as a potential template that would enable individuals to express preferences about how search engines should use and index their personal information. [234]
The lack of a privacy preference tool for Internet users inhibits meta-data transfer that could enable a two way passing of information about the agreed uses of personal information.[235] Zittrain argues that tagged meta-data would provide a way for individuals to signal whether they would like to remain associated with information they place on the web and to be consulted about any unusual future uses.[236] Privacy tags would promote respect regarding the uses of personal information on the Internet by creating a means “that connects and sets informal standards for distant and disparate individuals about the use and re-use of personal information”.[237] Such tags would generate “privacy spaces” and would thus become the touchstone privacy tool of Web 2.0 by creating points of connection and accountability for Internet users who produce, transform and consume personal information.[238]
Warner and Chun have also developed the notion of privacy spaces in mashups founded on government provided information. Their concept aims to ensure privacy protection through the interaction of different privacy policies that represent the interests of different parties involved in a mashup process, including geo-mashups.[239] This combination of different privacy policies
[A]llows a user, as a data owner, to describe their privacy preferences as Personal Privacy Policies (PPP), government agencies, as data providers, to specify Regulatory Privacy Policy (RPP), and mashup service provider to specify their privacy policy (MPP)….
The proposed technology solution includes a PPP network where citizens can register their personal privacy preferences, and a Privacy Enforcement engine that interprets PPP [Personal Privacy Policies], RPP and MPP before releasing individual's data requested by third party applications such as mashups.[240]
The real time interaction of interrelated privacy policies builds boundaries between what individuals want to be kept private and information that can legitimately be used for public purposes. Warner and Chun recognize the privacy problems arising from geo-mashups by the fact that individuals who provide personal information have virtually no control over who will be able to access their information once it is aggregated in a geo-mashup.[241] Their remedy to this problem is to place limits on the use of personally identifiable information in mashups by the extensive use of a range of privacy policies “that enforce a situation in which an individual has the right to control information about them”.[242] As such, internal data flows that found geo-mashups should be controlled, to adhere to the privacy requirements expressed by individuals and government agencies.[243]
The notions of individual control over information and the use of privacy policies are hallmarks of first generation laws and Warner and Chun’s work develop first generation concepts in interesting and novel ways. However, when faced with privacy invasive geo-mashups, such as the BNP geo-mashup, the bounds of protection are limited because their work focuses on personal information provided to and supplied by government organizations. The network of privacy preferences and policies may provide “multiple protection spaces that allow personal information to be shared under certain protection spaces and not in others”,[244] but information sharing is based on the idea of a limited number of stable and identifiable information pathways. For instance, the authors’ state
The PPP [Personal Privacy Policy] network will allow citizens to have more control over their own private data, through direct participation in protecting the private data. This participatory privacy protection also accommodates a high degree of individual differences in privacy, and may foster the level of trust in government agencies. It also simplifies the requirements on individuals. They can specify their preferences once for all known as well as unknown potential uses of their data.[245]
It may be possible for an individual to specify their preference for known uses of their personal information but how is an individual expected to specify their preference for an unknown use of their personal information? Take for example the BNP members in the BNP geo-mashup scenario. An individual BNP member may have been able to stress the limits on the use of their personal information by the BNP. They could state in their personal privacy policy that they do not want their information used in any subsequent geo-mashup created or authorized by the BNP. However, in this situation personal privacy preferences would have become defunct once the disgruntled BNP employee accessed and used the membership list with authorization. A personal privacy policy could envisage a future use by the BNP, within its own organizational standards, membership expectations and policies, but it cannot envisage a geo-mashup generated by individual creators that has no connection to the BNP and therefore has different levels of understanding about the privacy requirements of rank-and-file BNP members. Even if individual privacy preferences had travelled with the data as meta-data tags, as Zittrain suggests, there is no suggestion in the BNP scenario that the ultimate geo-mashup creators would have respected those preferences, especially the creators of the BNP Proximity Search geo-mashup.
The author contends that even if a privacy preference network, such as that highlighted by Warner and Chun, had been in place with the BNP geo-mashup, it would have had little practical effect. The reason being, as highlighted by Zittrain, is that privacy protection is still based on the regulation of data collection organizations and on limited and identifiable information provision and use pathways. As highlighted above, the pathways involved in the BNP geo-mashup were numerous, were more socially complex and were not identifiable until they were created.
At this point, it is important to acknowledge that the privacy problem, which emerged from the BNP geo-mashup, is possibly an extreme example because it involved a socially sensitive situation and sensitivities were exacerbated because the geo-mashup creators used a combination of sensitive and personal information that was aggregated by residential address. However, the issues raised by the BNP example are equally applicable to less socially and sensitively charged situations due to the involvement of individual geo-mashup creators rather than organizations. The BNP geo-mashup situation brings Privacy 2.0 issues clearer to the fore because of the disgruntled employee’s data breach, which effectively severed any possibility that individual BNP members could have a say in how their personal information was subsequently re-used. The same issues of principle arise in other Web 2.0 personal information collection and use scenarios, such as the collection of personal information by individuals as human sensors or the exchange of personal information in the inchoate data collectives highlighted above. The real issue of significance is the social, temporal and cultural distance between the provision or collection of personal information by individuals and the re-use of that information in geo-mashup form. It is this distance that can give rise to unresponsive or uncaring re-uses of personal information that have the potential to infringe privacy without the prospect of any real accountability. Whether extensive use of privacy conscious meta-data tags can bridge this distance remains to be seen.
Where then do technical solutions for privacy invasive geo-mashups arise if not through the creation and instigation of more complex privacy policy networks and meta-data tags? This article puts forward a potential technical solution based on the notion of privacy enhancing technologies (PETs).[246] PETs “are tools, standards and protocols that set out to reverse the trend [of privacy invasive technologies], by directly assisting in the protection of the privacy interest”. [247] Clarke defines three types of PET: Counter-PITs as a countermeasure against privacy invasive technologies (PITs); Savage PETs “which combat privacy-intrusive behaviors by setting out to deny identity and to provide genuine, untraceable anonymity” and Gentle PETs “which are intended to balance the interests of privacy and accountability, and are oriented towards protected pseudonymity rather than anonymity”.[248]
It is possible that a more considered use of existing technology, based on the principles arising from PITs and PETs, and one that incorporates the ideas behind Gentle PETs, could be used to develop techniques founded on privacy enhanced awareness for privacy invasive geo-mashups. As Clarke states “Very substantial protections could be provided for individuals' identities, but those protections could be breachable when particular conditions are fulfilled. This is the concept of 'pseudonymity', and I refer to technologies that implement it as 'gentle PETs”.[249] The article adopts the idea of in-built privacy protections based on pseudonymity and suggests a technical response to the issue of privacy invasive geo-mashups that again draws on the example of the BNP geo-mashup. Geo-mashups are more likely to be privacy invasive when information, either personal or non-personal, is aggregated with residential addresses. Clarke further states
“The challenge confronting developers of gentle PETs is that the legal, organizational and technical protections need to be trustworthy. If the power to override them is in the hands of a person or organization that flouts the conditions, then pseudonymity's value as a privacy protection collapses “.[250]
The quote provides an accurate description of the BNP privacy invasive geo-mashup except the power to override organizational and technical protections resided outside of the BNP and in the hands of the geo-mashup creators. If however, geo-browsers inhibited access to residential address aggregation, specifically regarding the number of individuals and addresses witnessed in the BNP geo-mashup, it would ensure that aggregation based on zip code, town or state level would thus provide a level of anonymity, or even pseudonymity, in the form of broad location, for individual persons and residential addresses. It would simply not be technically possible for a geo-mashup creator to create maps based on the aggregation of multiple residential addresses. It would still be possible to create a geo-mashup based on an individual tag, placed on an individual residential address, but it would not be possible to aggregate and overlay hundreds or thousands of records over numerous residential addresses. A solution of this type will not preclude all privacy problems. However, the blocking of residential address aggregation would ensure that similar problems to those generated by the BNP geo-mashup are not repeated. Whilst the BNP membership list may still be available on the Internet via bit torrent websites, the elimination of mass aggregation using residential addresses at least reduces the scope for privacy invasive activities arising from the use of online mapping applications.[251]
A number of issues could arise from the suggested approach. Firstly, geo-browsers would be required to identify residential properties on their mapping systems. This, in itself, is likely to be a complex and potentially expensive exercise. Secondly, restricting aggregation access to residential addresses could stifle the legitimate innovations of non-privacy invasive geo-mashups, for example, geo-mashups like Housingmaps.com. A potential solution for the second issue may lie in a reverse approach to the publication of My Maps. Instead of a default setting that allows anyone to aggregate anything onto any map, it is suggested that aggregation access to numerous residential addresses is restricted to those individuals or corporate entities who are willing to enter into a license agreement with geo-browsers that sets boundaries relating to the aggregation of information with residential addresses. The author acknowledges that a licensing arrangement is still open to potential abuses but it is at least a first step on a journey to provide effective privacy protections against privacy invasive geo-mashups. Moreover, a licensing arrangement may assist with the development of standards relating to good privacy practices in geo-mashups. However, it is clear that further research is required to investigate the feasibility of any long-term technical or legal solution.
Technical solutions inherently come packaged with social standards that enable and foster good uses of technology. In Privacy 2.0, Zittrain states that the development of social tools, in the form of code-backed norms, is of equal importance as technical solutions regarding the effective regulation of privacy protections regarding the generative web. [252] He contends that “a simple, basic standard created by people of good faith can go a long way toward resolving or forestalling a problem containing strong ethical or legal dimensions”.[253]
Public and private sector organizations have developed corporate standards about the use of Web 2.0 technologies, particularly social networking sites. For example, the British Broadcasting Corporation (BBC) has devised a set of principles for their staff to follow when using Web 2.0 Internet applications in areas where conflicts can arise[254]. The guidelines and their principles are designed to primarily protect the interests of the Corporation but they nonetheless attempt to raise awareness of privacy issues and to set standards for individual participation of the Internet. For instance,
Social networking sites provide a great way for people to maintain contact with friends. However, through the open nature of such sites, it is also possible for third parties to collate vast amounts of information. All BBC staff should be mindful of the information they disclose on social networking sites. Where they associate themselves with the Corporation (through providing work details or joining a BBC network) they should act in a manner which does not bring the BBC into disrepute….
Personal blogs and websites should not be used to attack or abuse colleagues. Staff members should respect the privacy and the feelings of others. Remember also that if they break the law on a blog (for example by posting something defamatory), they will be personally responsible. Under no circumstance should offensive comments be made about BBC colleagues on the Internet. This may amount to cyber-bullying and could be deemed a disciplinary offence.” [255]
IBM[256] and by the Australian Public Service Commission have released similar standards.[257] At the privacy regulator level, the UK’s Information Commissioner has released information about the safe use of personal information on social networking sites[258] as has the Australian Office of the Privacy Commissioner.[259] A conglomeration of major media and software commercial copyright owners have also developed Principles for User Generated Content (UGC) Services that seek “to foster an online environment that promotes the promises and benefits of UGC Services and protects the rights of Copyright Owners”.[260] The purpose of the UGC Principles is to eliminate user generated material that infringes copyright whilst encouraging the uploading of legitimate content and the protection of legitimate interests of user privacy.[261] However, none of these fledgling standard setters provides guidance on the creation and the use of geo-mashups, either at a corporate or individual level.
The BNP geo-mashup example shows that there is already an awareness of privacy issues arising from the use of personal information amongst geo-mashup creators. For example, three of the four geo-mashups noted, namely the Times, the Guardian and the BNP Near Me geo-mashup, did not publish any BNP related personal information. Moreover, these geo-mashups aggregated their maps around postcode rather than an individual residential address. By doing so, they provided a degree of privacy protection by obscuring the identity of residential addresses that are linkable to BNP members. Concerns still arose because of the particular nature of UK postcodes and the effect this had when aggregated with Google Maps. The BNP Near Me geo-mashup creator altered the original map because the pinpoints gave a misleading impression that a BNP member resided at a specific address when in fact the representation of the BNP membership data was incorrect. The creator of the geo-mashup explained his reason for changing and ultimately removing the geo-mashup from the Internet
I have decided to take down the map. Many people have commented that the map does give a false impression of accuracy, despite my making this clear, and I’m tempted to agree. I do not want to single anybody out and by removing the accuracy from the map it is possible that it ends up incorrectly implying a property contains a BNP member. It has been suggested that an inaccurate map that doesn’t make that clear is worse than publishing the list itself, and I think that’s a reasonable comment.[262]
There is a clear recognition of the negative consequences that could arise from the use of inaccurate personal information that could give a misleading impression. Owad also highlighted similar concerns in the Amazon wish list geo-mashup[263]. However, the opposite occurred with the BNP Proximity Search geo-mashup, which provided the postcode, name of BNP members, and then overlaid that information over a specific residential address.[264] The Proximity Search geo-mashup may or may not have been aggregated on an individual address or a postcode. However, it is possible to use the geo-mashup to identify a BNP member at a specific street because (a) it is possible to reverse search a postcode to find a corresponding street address, which can be cross referenced with other sources to check where a particular person lives or (b) because that person does in fact reside at that address, which again can be confirmed with a relatively quick check of other data sources. As such, the author contends that the BNP Proximity Search has infringed expected social standards regarding the use of personal and non-personal information in geo-mashups as exemplified by the actions of the other BNP geo-mashup creators.
At this point Zittrain’s contentions regarding the establishment of code-backed norms as a means of privacy protection look a trifle weak. The BNP Proximity Search geo-mashup gives rise to serious privacy concerns and yet the geo-mashup is still available on the Internet. At what point, does further action need to be taken either to remove the geo-mashup or to ensure that access to the geo-mashup is restricted? Either solution is potentially difficult to implement, not least because the BNP membership list has been widely disseminated and either solution does not provide a guarantee the same problem could arise again. What code-backed norms can do, however, is to provide a spotlight for those geo-mashups that can give rise to privacy invasive tendencies, which will enable earlier identification by individuals, organizations or geo-browsers, and before problems more serious problems emerge from publication via the blogosphere or via the ubiquity of search engines.
The technical solution, highlighted above, would mitigate the threats of privacy invasive geo-mashups and would require geo-browsers to restrict aggregation and overlay of information on individual residential addresses. The author does not intend to single out geo-browsers as the new pseudo-regulators of privacy in geo-mashups, but it nonetheless needs to be acknowledged that these organizations are the gatekeepers for geo-mashup creation because they facilitate the geo-mashup process with their technologies. As such, it is no longer suffice for geo-browsers to provide only one means of remedial relief for individuals against privacy invasive geo-mashups in the form of simple take down notices. Proactive standard setting is now required to augment reactive removal of privacy infringing material.
As a first step, this article suggests that the major geo-browsers work together with the geospatial community, privacy regulators and reputed privacy organizations, to develop a new set of privacy-oriented standards for the creation of geo-mashups, to increase awareness of the detrimental issues that can arise from privacy invasive geo-mashups. These Privacy Standards for Geo-mashups could be the first step in a continuing, evolutionary process of social norm development[265] that (a) sets standards for the collection and use of personal information in the creation of geo-mashups and (b) allows a flexible framework in which individual concerns, geo-mashup creator innovations and geo-browser requirements can be aired and discussed.
This article has highlighted the privacy concerns that can arise from privacy invasive geo-mashups particularly in light of the limits of first generation information privacy laws as suggested by Zittrain. The Internet now provides manifold pathways for the provision and use of personal information that provide numerous Internet users, with multiple opportunities to use personal information in many different ways. More importantly in terms of information privacy regulation, these multiple users can also be individuals as well as organizations. Potential Privacy 2.0 solutions for the prevention and mitigation of privacy problems reside in the development of embedded technical and social standards, and not solely through avenues of legal recourse founded on the concept of information privacy. These standards, by their nature, must be inclusive and flexible given the changes that are taking place in the everyday Web 2.0 environment. Moreover, whilst the article acknowledges the limits of first generation information privacy laws have with regard to geo-mashups, it is too early to say whether we are witnessing the death of first generation information privacy laws in general. First generation laws may still have a place regarding the regulation of interaction between individuals and organizations about the provision and re-use of personal information along more traditional lines that involve stable information collection relationships and defined information pathways. Privacy 2.0 requirements suggest a move from laws based purely on information privacy to the establishment of laws, codes and norms that reflect, and respect, the conceptual complexity and uncertainty of privacy, which is fitting for the ever-changing online forms of Web 2.0. This article has put forward a technical and social solution in the form of standard development that would help to alleviate some of the concerns arising from privacy invasive geo-mashups. The author hopes that geo-browsers take up the call for the development of privacy standards for geo-mashups, which will assist with the complex balancing act of encouraging further geo-mashup innovations, whilst at the same time, enshrining acceptable uses of personal information that will help to mitigate privacy infringements arising from privacy invasive geo-mashups.
* Author and research funding details
[1] See Dawn Kawamoto, Internet Users Worldwide Surpass 1 Billion, http://news.cnet.com/8301-1023_3-10149534-93.html (last visited May 19, 2009).
[2] See generally OECD, Broadband Growth and Policies in OECD Countries, (2008) available at http://www.oecd.org/dataoecd/32/57/40629067.pdf.
[3] See OECD, Participative Web and User-Created Content: Web 2.0, Wikis and Social Networking 53-66 (2007) [hereinafter Participative Web].
[4] See Adam Ostrow, How Facebook Serves up Its 15 Billion Photos, http://mashable.com/2009/04/30/facebook-photo-sharing/ (last visited May 19, 2009)
[5] Id.
[6] See Arno Scharl, Towards the Geospatial Web: Media Platforms for Managing Geotagged Knowledge Repositories, in The Geospatial Web: How Geobrowsers, Social Software and the Web 2.0 Are Shaping the Network Society, 5 (2007) (defining a geo-browser as “a web based platform that allows users to browse geospatial data from a satellite perspective which provides an accurate visual representation of the Earth”).
[7] See e.g. Progammable Web, Mapping Mashups http://www.programmableweb.com/tag/mapping (last visited May 21, 2009); Google Maps Mania, http://googlemapsmania.blogspot.com/(last visited May 19, 2009) (detailing thousands of different geo-mashups).
[8] See Elizabeth Goodman & Andrea Moed, Community in Mashups: The Case of Personal Geodata 1 (M Cameron Jones & Michael B Twidale eds., ACM 2006) available at http://mashworks.net/images/5/59/Goodman_Moed_2006.pdf (the definition of geo-mashup is based on Goodman and Moed’s mashup).
[9] See Muki Haklay, et al., Web Mapping 2.0: The Neogeography of the Geoweb, 2 Geography Compass, (2008), 2011.
[10] See Daniel Thomas, Acquisition to Expand Microsoft's Map Services, Wall Street Journal, Dec. 13 2007, available at http://online.wsj.com/article/SB119747431495223769.html?mod=technology_main_whats_news.
[11] See Thai Tran, Google Maps Mashups 2.0, http://google-latlong.blogspot.com/2007/07/google-maps-mashups-20.html (last visited May 19, 2009) (regarding Google’s own move from static to interactive map-making capabilities).
[12] See Michael Goodchild, Citizens as Voluntary Sensors: Spatial Data Infrastructure in the World of Web 2.0 2 International Journal of Spatial Data Infrastructures Research (2007) [hereinafter Goodchild, Voluntary Sensors]; Michael Goodchild, Citizens as Sensors: The World of Volunteered Geography, 69 GeoJournal (2007) [hereinafter [Goodchild, Citizens as Sensors] (regarding the bi-directional flow of geospatial information from members of the public to geospatial professions and communities).
[13] See Jonathan L. Zittrain, The Generative Internet, 119 Harv. L. Rev., 1981 (2006) (regarding the concept of generativity which “is a function of a technology's capacity for leverage across a range of tasks, adaptability to a range of different tasks, ease of mastery, and accessibility).
[14] In his work, Zittrain uses generativity as a concept that is wider than Web 2.0. See Jonathan Zittrain, The Future of the Internet and How to Stop It 102, 123 (2008) (defining “Web 2.0” as “a new buzzword that celebrates this migration of applications traditionally found on the Internet to the PC. Confusingly, this term also refers to the separate phenomenon of increased user-generated content and indices on the Web – such as relying on user-provided tags to label photographs”). The author acknowledges the differences between Zittrain’s concept of the generative Internet and the definition of Web 2.0 used in this article. Nonetheless, the author contends that the interchangeable focus in this article regarding Web 2.0 and the generative Internet is possible in the context of privacy invasive geo-mashups. That is because both concepts stress the importance of new information flows that highlight the limitations of first generation privacy laws.
[15] Tim O'Reilly, What Is Web 2.0. Design Patterns and Business Models for the Next Generation of Software available at http://www.oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html.
[16] See e.g. Participative Web, supra note 3, at 17 (regarding the “participative web” which is intended to describe “the more extensive use of the Internet’s capabilities to expand creativity and communication”); Yochai Benkler, The Wealth of Networks: How Social Production Transforms Markets and Freedom 30 (2006) (detailing the “networked information economy” which presents “the first modern communications medium that expands its reach by decentralizing the capital structure of production and distribution of information, culture, and knowledge”); Zittrain, supra note 13 (defining the “generative Internet”).
[17] See John Musser & Tim O'Reilly, Web 2.0 Principles and Best Practices 12 (2007).
[18] See Benkler, supra note 16, at 3.
[19] See Participative Web supra note 3, at 27 (stating “There a range of technological, social, economic and institutional drivers of user-created content accounting for its rapid growth and pervasiveness”).
[20] See e.g. Lisa Veasman, Piggy Backing on the Web 2.0 Internet: Copyright Liability and Web 2.0 Hastings Comm. & Ent. L. J. 30 (2007) (highlighting the types of technologies used in Web 2.0 and differences to the previous Internet era).
[21] See e.g. Edward Lee, Warming up to User-Generated Content, 2008 U. Ill. L. Rev. 1500 (2008) (regarding the transfer of traditional desktop to web-based applications).
[22] See Musser & O'Reilly supra note 17, at 15
[23] See Axel Bruns, Blogs, Wikipedia, Second Life, and Beyond: From Production to Produsage 34 (2008) (defining a content producing Internet user as a “produser” to describe the idea of an Internet users as both a producer and user of technologies and information).
[24] See Zittrain supra note 14, at, 84, (stating that “[g]enerative systems allow users at large to try their hands at implementing and distributing new uses”).
[25] See Mohamed Bishr & Lefteris Mantelas, A Trust and Reputation Model for Filtering and Classifying Knowledge About Urban Growth, 72 GeoJournal 235 (2008) (regarding the provision of geospatial related information in Web 2.0).
[26] See Lee, supra note 21, at 1501 (regarding the growth of user generated content).
[27] See e.g. Scharl, supra note 6, at 5; David Tulloch, Many, Many Maps: Empowerment and Online Participatory Mapping, 12 First Monday (2007) available at http://www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/issue/view/224 (regarding the use of new Internet mapping tools that “are creating a newly empowered class of user”).
[28] See Claus Rinner, et al., The Use of Web 2.0 Concepts to Support Deliberation in Spatial Decision-Making, 32 Comput. Environ. Urban. Syst. 387 (2008) (highlighting the natural geospatial element to much user generated material “which increasingly is made explicit by adding geographic coordinates to the material’s metadata (i.e. geotagging it). This way, the content can be visualized on a map and in some cases, the map material itself is user-generated content”).
[29] See Kei-Hoi Cheung, et al., Semantic Mashup of Biomedical Data, 41 J. Biomed. Info. 683 (2008).
[30] Google, Google Maps, http://maps.google.com/ (last visited May 19, 2009).
[31] Yahoo!, Yahoo Maps, http://maps.yahoo.com/ (last visited May 19, 2009).
[32] Microsoft, Live Search Maps, http://maps.live.com/ (last visited May 19, 2009).
[33] NASA, Worldwind, http://worldwind.arc.nasa.gov/index.html (last visited May 19, 2009).
[34] See Scharl, supra note 6, at 5.
[35] See Vlad Tanasescu, et al., Geospatial Data Integration with Semantic Web Services: The Emerges Approach in The Geospatial Web: How Geobrowsers, Social Software and the Web 2.0 Are Shaping the Network Society, 247 (2007) (regarding Google Maps API and the growth of geo-mashups); see generally Andrew J Turner, Introduction to Neogeography (2006); Martin C. Brown & Corporation Ebooks, Hacking Google Maps and Google Earth (2006).
[36] See Zittrain supra note 14, at 124 (regarding the generative effects of the Google Maps API); Google Code, Google Maps Data API, http://code.google.com/apis/maps/documentation/mapsdata/(last visited May 19, 2009) (regarding the announcement of a new API that allows “client applications to view, store and update map data in the form of Google Data API feeds using a data model of features (placemarks, lines and shapes) and maps (collections of features)”); Brady Forrest, Google Launches Maps Data API, http://radar.oreilly.com/2009/05/google-launches-maps-data-api.html (last visited May 21, 2009) (regarding how Google could become a geodata supplier as well as a mapping interface provider).
[37] See Scharl, supra note 6, at 5.
[38] See Haklay, et al., supra note 9 , at 31
[39] See Scharl, supra note 6, at 5 (defining geotagging as the process of assigning geospatial context information, ranging from specific point locations to arbitrarily shaped regions”).
[40] See Rinner, et al., supra note 28, at 386.
[41] Housingmaps.Com, http://www.housingmaps.com/ (last visited May 19, 2009).
[42] See Musser & O'Reilly supra note 17, at 28.
[43] Id.
[44] The Scipionus website is no longer available on the Internet. See The Official Google Australia Blog, Mapping the Victorian Fires, http://google-au.blogspot.com/2009/02/mapping-victorian-fires.html (last visited May 19, 2009) (regarding a geo-mashup similar in principle to Scipionus developed by Google regarding the Victorian Bushfire disaster in February 2009 to provide assistance and information to people affected by the fires and emergency services personnel).
[45] See Christopher C. Miller, A Beast in the Field: The Google Maps Mashup as GIS/2, 41 Cartographica 194-5 (2006) (regarding further details about the Scipionus website).
[46] See Jacqueline W Mills & Andrew Curtis, Geospatial Approaches for Disease Risk Communication in Marginalized Communities 68-9 (2008) available at http://muse.jhu.edu/journals/progress_in_community_health_partnerships_research_education_and_action/v002/2.1mills.pdf.
[47] See Information Week, Nokia Enters Google Territory, Opens up Mapping API, http://www.informationweek.com/news/software/development/showArticle.jhtml?articleID=217600266&subSection=All+Stories (last visited May 19, 2009) (regarding Nokia’s new API for Ovi Maps which is claimed to be “the first step toward an ecosystem where developers can access Nokia's unique contextual assets, such as location, to create mobile applications that will redefine how we use our mobile devices").
[48] See Urs Gasser & John G. Palfrey, Jr., Case Study: Mashups Interoperability and Einnovation 3 (2007) available at http://ssrn.com/paper=1033232.
[49] See Miller, supra note 45, at 192 (explaining the relationship between the increase of user generated content and Google Maps).
[50] Compare e.g. Goodchild, Citizens as Sensors, supra note 12, at 217-220.; (regarding VGI); Bishr & Mantelas, supra note 25, at 229-230 (regarding the concept of Collaboratively Contributed Geographic Information (CCGI)); contrast Andrew Flanagin & Miriam Metzger, The Credibility of Volunteered Geographic Information, 72 GeoJournal, 142 (2008) (regarding a critical examination of the credibility of VGI); Andrew Keen, The Cult of the Amateur 64-68 (2007) (regarding more general concerns about the accuracy of information collected and published on the Internet).
[51] See e.g. Turner, supra note 35, at 3 (defining Neogeography as "about people using and creating their own maps, on their own terms and by combining elements of an existing toolset"); Haklay, et al., supra note 9, at 2021 (contrasting the difference between traditional cartographic sciences and Neogeography).
[52] See e.g. Miller, supra note 45, at 189 (describing GIS/2 as “a proposed alternative to mainstream GIS that would account for the less rigid, more socially and culturally mutable information needs of user groups being shut out by GIS/1”).
[53] See Goodchild, Citizens as Sensors, supra note 12, at 218. (highlighting GPS enabled mobile phones and digital cameras are able to take photos with automatic metadata tags of latitude and longitude readings of the photograph location); Scott Counts & Marc Smith, Where Were We: Communities for Sharing Space-Time Trails (ACM 2007) available at http://doi.acm.org/10.1145/1341012.1341026 (regarding a typography of such technologies); Google Android Google Mobile Blog, Your Maps in Your Hands for the Holidays, http://googlemobile.blogspot.com/2008/12/your-maps-in-your-hands-for-holidays.html (last visited May 19, 2009) (regarding the next stage of development relating to Google Android and the recording of geospatial data that will allow users to “create, edit, share, and view personalized maps on your Android powered phone synchronized with the My Maps tab on Google Maps…Your maps are automatically synchronized with your My Maps on the web”);
[54] See Goodchild, Voluntary Sensors, supra note 12, at 25-6.
[55] Reid Priedhorsky, et al., How a Personalized Geowiki Can Help Bicyclists Share Information More Effectively (ACM 2007) available at http://doi.acm.org/10.1145/1296951.1296962; Reid Priedhorsky & Loren Terveen, The Computational Geowiki: What, Why, and How (ACM 2008) available at http://doi.acm.org/10.1145/1460563.1460606.
[56] Mapmyrun, http://www.mapmyrun.com/ (last visited May 19, 2009).
[57] 1001 Seafoods, 1001 Secret Fishing Holes!, http://www.1001seafoods.com/fishing/fishing-maps.php (last visited May 18, 2009).
[58] Wikimapia, http://wikimapia.org/ (last visited May 19, 2009).
[59] See Goodchild, Voluntary Sensors, supra note 12, at 27.
[60] Flickr, http://www.flickr.com (last visited May 19, 2009).
[61] Platial.com, http://platial.com/ (last visited May 19, 2009).
[62] Placeopedia, http://www.placeopedia.com/ (last visited May 19, 2009).
[63] Open Street Map, http://www.openstreetmap.org/ (last visited 2009, May 31).
[64] London Profiler, http://www.londonprofiler.org/ (last visited May 19, 2009).
[65] Who Is Sick?, http://whoissick.org/sickness/ (last visited May 19, 2009).
[66] Tunisian Prison Map, http://www.kitab.nl/tunisianprisonersmap/ (last visited May 19, 2009)
[67] Universitat Oberta De Catalunya, Topobiographies of the Catalan Exile, http://www.topobiografies.cat/en/ (last visited May 19, 2009).
[68] The One Big Thing: Federal Government Spending Data Mashups, http://e-strategyblog.com/2009/04/the-one-big-thing-federal-government-spending-data-mashups/ (last visited May 19, 2009).
[69] Antenna Search, http://www.antennasearch.com/ (last visited May 19, 2009).
[70] Hospital Rankings, http://www.netdoc.com/hospital-rankings/ (last visited May 19, 2009).
[71] See Roger Clarke, Introducing Pits and Pets: Technologies Affecting Privacy, http://www.rogerclarke.com/DV/PITsPETs.html#Terms (last visited May 19, 2009) (regarding the article’s definition of privacy invasive geo-mashups which is based on Clarke’s definition of privacy invasive technologies).
[72] See Daniel J. Solove, Conceptualizing Privacy, 90 1154 Calif L Rev (2002) (suggesting a pragmatic approach to conceptualising privacy that focuses on privacy in specific contextual situations); Anita L Allen, Privacy as Data Control: Conceptual, Practical and Moral Limits of the Paradigm, 32 Conn. L. Rev. 869 (2000) (regarding the conceptual and practical limits of information privacy as control over personal information “privacy is open to broader and more perspicacious definitional analysis…. It is pointless (or merely symbolic) to ascribe a right to data control if it turns out that exercising the right is impossible”); Lisa Austin, Privacy and the Question of Technology, 22 L & Phil. 127 (2003) (regarding the difficulty in distinguishing specific normative arguments about privacy as control against more general principles of liberty and autonomy).
[73] See Roger Clarke, Privacy: More Wobble-Board Than Balance-Beam, http://www.rogerclarke.com/DV/Wobble.html (last visited May 19, 2009).
[74] The author acknowledges the social benefits that can arise from geo-mashups and this article should not be viewed as a general criticism of the use of geo-mashups or a call to restrict geo-mashup innovations. Geo-mashups provide exciting and new opportunities to involve members of the public and thus creates greater awareness to geographic, cartographic and indeed broader social issues. However, the author contends that the privacy issues raised from privacy invasive geo-mashups need to be addressed and discussed further.
[75] The author has no political allegiances with the BNP and this example is used solely to highlight the privacy issues that can emerge from privacy invasive geo-mashups. Moreover, the author respects the right of individuals to keep their political allegiances private should they choose to do so.
[76] British National Party, http://bnp.org.uk/ (last visited May 19, 2009).
[77] See Wikipedia, British National Party, http://en.wikipedia.org/wiki/British_National_Party (last visited May 19, 2009) (regarding a concise history of the BNP).
[78] See e.g. BNP, Immigration, http://bnp.org.uk/policies/immigration/ (last visited May 19, 2009) (regarding the BNP’s current policies on immigration “We will abolish the ‘positive discrimination’ schemes that have made white Britons second-class citizens. We will also clamp down on the flood of ‘asylum seekers’, all of whom are either bogus or can find refuge much nearer their home countries”).
[79] See BBC News, ACPO Bans Police from Joining BNP, http://news.bbc.co.uk/2/hi/uk_news/3930175.stm (last visited May 19, 2009) (regarding the Association of Chief Police Officers (ACPO) ban on membership of the BNP in UK police forces); Christopher Hope, How Many BNP Activists Live in Your Town? Now You Can Find Out, The Times, Nov. 20 November. 2008, available at http://www.telegraph.co.uk/news/newstopics/politics/3484489/How-many-BNP-activists-live-in-your-town-Now-you-can-find-out.html, (stating, “There is no question that the BNP is widely viewed with deep suspicion. Police officers, for example, cannot join because it "would be incompatible with our duty to promote equality under the Race Relations Amendment Act and would damage the confidence of minority communities," [quoting Greater Manchester Police Chief Constable, Peter Fahy]).
[80] See Esther Addley & Haroon Siddique, BNP Membership List Posted Online by Former 'Hardliner', Nov. 19 2008, available at http://www.guardian.co.uk/politics/2008/nov/19/bnp-list; Dominic Kennedy & Nico Hines, Thousands in Fear after BNP Members List Leak, The Times Nov. 19 2008, available at http://www.timesonline.co.uk/tol/news/politics/article5183833.ece; James Kirkup & Christopher Hope, BNP Membership List Leaked onto Internet, The Daily Telegraph Nov. 19 2008, available at http://www.telegraph.co.uk/news/newstopics/politics/3479612/BNP-membership-list-leaked-onto-internet.html; BBC News, BNP Activists' Details Published, http://news.bbc.co.uk/2/hi/uk_news/7736405.stm (last visited May 19, 2009); James Sturcke, et al., BNP Membership List Leaked Online, Guardian Nov. 18 2008, available at http://www.guardian.co.uk/politics/2008/nov/18/bnp-membership-list-leak; Ben Russell, BNP Membership List Published on Internet, The Independent Nov. 19 2008, available at http://www.independent.co.uk/news/uk/politics/bnp-membership-list-published-on-internet-1024719.html.
[81] See Manchester Evening News, BNP Protest after Arrests, 2008, available at http://www.manchestereveningnews.co.uk/news/s/1080665_bnp_protest_after_arrests.
[82] See Addley & Siddique, supra note 80.
[83] See Id.; Hope, supra note 79 (reporting that data collected and published on the list was of a rather unconventional nature “Some of the detail leaves the BNP open to mockery. Why, for example, would the BNP need to record the following about one member from Wiltshire: "Hobbies: amateur radio & 'church crawling'. Quaker attender - proof of entitlement seen"? Or how about this, attached to the entry for one woman from the south of England: "Owner of a WW2 jeep. Singer with a ladies' barber shop chorus and quartet").
[84] See BBC News, Two Arrests over Leaked BNP List, http://news.bbc.co.uk/2/hi/uk_news/england/nottinghamshire/7768142.stm (last visited May 19, 2009); Nottingham Evening Post, BNP Expects More Arrests over Leaked Membership List, 2008 available at http://www.thisisnottingham.co.uk/crime/arrested-Notts-BNP-membership-leakarticle-527013-details/article.html; Ian Johnston, Two Held over BNP Member List Leak, The Independent Dec. 6 2008, available at http://www.independent.co.uk/news/uk/home-news/two-held-over-bnp-member-list-leak-1054428.html; Sarah Knapton, Two Arrested over Leaking of BNP Membership List, The Telegraph Dec. 5 2008, available at http://www.telegraph.co.uk/news/newstopics/politics/3568802/Two-arrested-over-leaking-of-BNP-membership-list.html; BBC News, BNP List Arrest Pair Are Bailed, http://news.bbc.co.uk/2/hi/uk_news/england/nottinghamshire/7775631.stm (last visited May 19, 2009).
[85] Wikileaks has subsequently closed down due to the excessive demand generated by the publication of the BNP membership list and the unauthorised publication of the Australian Government’s list of banned websites.
[86] Wikipedia, Wikileaks, http://en.wikipedia.org/wiki/Wikiweaks (last visited May 19, 2009).
[87] See Sam Leith, What's 'Liberal' About Hacking into the BNP?, The Times, Nov. 22 2008, available at http://www.telegraph.co.uk/comment/columnists/samleith/3563694/Whats-liberal-about-hacking-into-the-BNP.html (regarding publication of personal information from the BNP membership list on Facebook).
[88] Times Online, BNP Membership by Postal District, http://www.timesonline.co.uk/tol/news/uk/article5191424.ece (last visited May 19, 2009).
[89] Id.
[90] Guardian, BNP Members: The Far Right Map of Britain, http://www.guardian.co.uk/uk/interactive/2008/nov/19/bnp (last visited May 19, 2009).
[91] Spod.Cx, Leaked BNP Member List Map, http://spod.cx/bnp_members_list.shtml (last visited May 19, 2009) (the original map has subsequently been removed and replaced).
[92] See Mike Butcher, Updated: BNP Member List Mashed with Google Maps Creates a Sea of Red Dots, but Dangerously Inaccurate, http://uk.techcrunch.com/2008/11/19/bnp-member-list-mashed-with-google-maps-creates-a-sea-of-red-dots/ (last visited May 19, 2009) (reporting potential inaccuracies and misrepresentations relating to the BNP Near Me geo-mashup); Mike Butcher, One More BNP Thing - Heatmaps Replace Pins, but Pandora’s Box Is Now Open, http://uk.techcrunch.com/2008/11/19/one-more-bnp-thing-heatmaps-replace-pins-but-pandoras-box-is-now-open/ (last visited May 19, 2009) (highlighting some of the consequences of the publication of the BNP list).
[93] BNP Member Proximity Search, http://www.fishmech.net/bnp/ (last visited May 19, 2009)
[94] See BBC News, 'BNP Membership' Officer Sacked, http://news.bbc.co.uk/2/hi/uk_news/england/merseyside/7956824.stm (last visited May 19, 2009) (regarding the sacking of a police officer for being a member of the BNP); London Evening Standard, Radio Host Exposed in BNP Leak is Axed, 2008, available at http://www.thisislondon.co.uk/standard/article-23589438-details/Radio+host+exposed+in+BNP+leak+is+sacked/article.do (regarding the sacking of a national talk back radio presenter); BBC News, Church Asked to Ban BNP Members, http://news.bbc.co.uk/2/hi/uk_news/7838280.stm (last visited May 19, 2009) (highlighting the Church of England Synod is considering banning clergy from joining the BNP after it was revealed that clergymen were members of the BNP).
[95] See BBC News, BNP Members 'Targeted by Threats', http://news.bbc.co.uk/2/hi/uk_news/politics/7736794.stm (last visited May 19, 2009) (regarding details of threats received by callers to a BBC radio programme); Ian Watson, Privacy Issues for BNP Members, http://news.bbc.co.uk/2/hi/uk_news/politics/7737651.stm (last visited May 19, 2009) (regarding the security of BNP members in Northern Ireland and the Irish Republic); The Sentinel, Death Threats for Politician after BNP Members List Is Leaked, 2008, available at http://www.thisisstaffordshire.co.uk/news/Death-threats-follow-BNP-listarticle-488115-details/article.html (regarding death threats received by a BNP local councillor); This Is Cornwall, Death Threats as BNP Members Are Named, 2008, available at http://www.thisiscornwall.co.uk/northcornwall/Death-threats-BNP-members-named/article-499803-detail/article.html (regarding death threats to Cornish BNP members).
[96] See Nico Hines, BNP Member Says Family Safety at Risk after Car Explodes Outside Home, The Times 2008, available at http://www.timesonline.co.uk/tol/news/uk/crime/article5204727.ece; BBC News, Police Probe BNP Link to Car Fire, http://news.bbc.co.uk/2/hi/uk_news/england/bradford/7741270.stm (last visited May 19, 2009).
[97] Tom Owad, Data Mining 101: Finding Subversives with Amazon Wishlists, http://www.applefritter.com/bannedbooks (last visited May 19, 2009).
[98] Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA Patriot Act) Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 [hereinafter Patriot Act].
[99] Patriot Act § 215.
[100] See Eric Lichtbau, F.B.I., Using Patriot Act, Demands Library's Records The New York Times Aug. 26 2005, available at http://www.nytimes.com/2005/08/26/politics/26patriot.html (regarding the first attempt by the FBI to use the powers under the Act to demand access to library records from a Connecticut institution).
[101] Amazon, http://www.amazon.com/ (last visited May 19, 2009).
[102] Amazon Wish List, http://www.amazon.com/gp/registry/wishlist/ (last visited May 19, 2009).
[103] Owad, supra note 97.
[104] Id.
[105] Id.
[106] Yahoo People Search, http://people.yahoo.com/(last visited May 19, 2009)
[107] Owad, supra note 97.
[108] Id.
[109] Everyblock Chicago, Welcome to Everyblock's Chicago Crime Section, http://chicago.everyblock.com/crime/ (last visited May 19, 2009). The Chicago Crimes website was formerly known as chicagocrime.org and is represented as such in the older literature.
[110] See Miller, supra note 45, at 192.
[111] Los Angeles Police Department, Crime Maps, http://www.lapdcrimemaps.org/ (last visited May 20, 2009).
[112] Crime Reports, http://crimereports.com/lea/cr (last visited May 20, 2009).
[113] Crime Reports, How It Works, http://crimereports.com/lea/crhowitworks (last visited May 21, 2009).
[114] Crime Reports, FAQs, http://crimereports.com/company/faq#whycreated (last visited May 19, 2009).
[115] Metropolitan Police, Metropolitan Police Crime Mapping, http://maps.met.police.uk/ (last visited May 21, 2009).
[116] See Berliner Kurier, Berlin Crime Map, http://www.berliner-kurier.de/blaulichtkurier/ (last visited May 20, 2009).
[117] Los Angeles Times, The Homicide Map >> Los Angeles County Victims, http://www.latimes.com/news/local/crime/homicidemap/ (last visited May 20, 2009).
[118] See e.g. Los Angeles Times, The Homicide Report, http://latimesblogs.latimes.com/homicidereport/2009/05/crenshaw-michael-mccullough-15.html#comments (last visited May 19, 2009) (regarding the murder of Michael McCullough).
[119] Spotcrime, http://www.spotcrime.com/(last visited May 21, 2009)
[120] See Spotcrime, Spotcrime Help, http://www.spotcrime.com/help.php (last visited May 21, 2009) (regarding a user’s opportunity to report crimes relating to theft, burglary, robbery, assault, arson, shootings, vandalism and arrests).
[121] Typically, the last two digits are replaced from a house address number with ‘XX’, for example “205XX Roscoe BL” or 7XX W 148th ST. It would appear that the Los Angeles Police Department conducts this process automatically).
[122] Google, Google Maps Street View, http://maps.google.com/help/maps/streetview/faq.html (last visited May 19, 2009).
[123] The author does not intend to provide details of the incident for obvious reasons of sensitivity. However, SpotCrime has been informed about the situation.
[124] Siam Daily News, Student Data Slip out via Google Maps, 2008, available at http://english.siamdailynews.com/asia-news/eastern-asia-news/japan-news/student-data-slip-out-via-google-maps.html.
[125] Google Lat Long Blog, Save and Share Directions with My Maps, http://google-latlong.blogspot.com/2009/04/save-and-share-directions-with-my-maps.html (last visited May 19, 2009)
[126] Siam Daily News, supra note 124.
[127] See Id.; Google Code, Google Maps Data API: Developer Guide: Http Protocol, http://code.google.com/apis/maps/documentation/mapsdata/developers_guide_protocol.html (last visited May 19, 2009).
[128] Siam Daily News, supra note 124.
[129] Id.
[130] Wordnet, http://wordnetweb.princeton.edu/perl/webwn?s=invasion%20of%20privacy (last visited May 31, 2009).
[131] The author acknowledges the voluminous case law and commentary relating to celebrities and invasions of privacy. However, these issues will not be addressed in this article.
[132] Gawker, Home Page, http://gawker.com/ (last visited May 19, 2009).
[133] Gawker, Gawker Stalker, http://gawker.com/stalker/ (last visited May 19, 2009).
[134] Gawker, Introducing Gawker Stalker Maps, http://gawker.com/news/stalker/introducing-gawker-stalker-maps-160338.php (last visited May 19, 2009).
[135] Jonathan Zittrain, Privacy 2.0, U Chi. Legal F. 86 (2008) (stating “Gawker strives to relay the sightings within fifteen minutes and place them upon a Google map, so that if Jack Nicholson is at Starbucks, one can arrive in time to stand awkwardly near him before he finishes his latte”).
[136] See Dominic Knight, Google's Searching for Stalkers, http://blogs.smh.com.au/newsblog/archives/dom_knight/013909.html?page=2#comments (last visited May 19, 2009) (commenting “[a]s always, Google's got great technology, but serious privacy problems”). The criticism directed purely at Google is a little harsh given that the geo-mashup was actually created by Gawker but it does address an interesting issue which we address below, namely how much responsibility should Google have as a technological facilitator of geo-mashups.
[137] See Jeff McIntyre, Stalk Market: Why Gawker.Com Is Putting the Fear in Celebrities, http://www.cbc.ca/arts/media/gawker.html (last visited May 19, 2009); Igossip, GPS Images - Celebrity Tracking, http://igossip.com/gossip/GPS_Images_a_Celebrity_Tracking_Ali_Lohan/542043 (last visited May 19, 2009) (regarding an example of McIntyre’s “DIY paparazzi movement”).
[138] See Donna Freydkin & Olivia Barker, At Gawker Stalker, a 'Big Whole to-Do' over the Mapping Feature, USA Today 28 March. 2006, available at http://www.usatoday.com/life/people/2006-03-28-gawker-sidebar_x.htm; Donna Freydkin & Olivia Barker, Starstruck Websites Just Won't Leave Celebs Alone, USA Today 28 March. 2006, available at http://www.usatoday.com/life/people/2006-03-28-gawker-main_x.htm.
[139] See Brendan Spiegel, Websites Go Crazy Tracking Urban Eccentrics, http://www.wired.com/entertainment/theweb/news/2008/04/urban_eccentrics (last visited May 19, 2009).
[140] FindHeMan, Find He-Man, http://findheman.com/ (last visited May 19, 2009).
[141] Spiegel, supra note 139.
[142] See FindHeMan, supra note 140 (suggesting users email the site creators with the “time, date, an image or video, a description of his particular attire, and speculation as to what He-Man was doing on this particular day”).
[143] Platial.Com, He-Man Sightings, http://platial.com/map/He-Man-sightings/42645#post1989801 (last visited May 19, 2009)
[144] Spiegel, supra note 139.
[145] Celebrity Maps, Home Page, http://www.celebrity-maps.com/index.php (last visited May 19, 2009)
[146] Celebrity Maps, About Us, http://www.celebrity-maps.com/about_us.php (last visited May 19, 2009)
[147] Given the ubiquity of mobile/cell phones, the merger of mobile communications with social networking facilities and the easy transfer of data to geo-mashups, it seems to the author only a matter of time before geo-mashup bullies emerge. The ability to track bullied individuals and then provide location-tracking information with commentary, overlaid onto a geo-mashup for either for public or private use is now becoming a simple task.
[148] A website along the lines of TrackYourTramp.com is not a great a leap forward from the existing Seattle Notables geo-mashup.
[149] See Australian Law Reform Commission, Review of Australian Privacy Law (DP72) (2007) (regarding the Commission’s initial discussion paper) [hereinafter DP72]; Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice (2008) (regarding the final report) [hereinafter For Your Information].
[150] See DP72, supra note 149, at 205.
[151] See Clarke, supra note 73 (regarding the article’s definition of information privacy based on Clarke’s “the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves”).
[152] See Gary T Marx, What’s in a Concept? Some Reflections on the Complications and Complexities of Personal Information and Anonymity, 3 University of Ottawa Law & Technology Journal, 13 (2006) available at http://www.uoltj.ca/articles/vol3.1/2006.3.1.uoltj.Marx.1-34.pdf (regarding the value conflicts that can arise between the individual and the community regarding identity and anonymity).
[153] See Zittrain, supra note 7, at 1980 (defining generativity as “a technology's overall capacity to produce unprompted change driven by large, varied, and uncoordinated audiences”).
[154] See Joel R. Reidenberg, Privacy in the Information Economy: A Fortress or Frontier for Individual Rights?, 44 Fed. Comm. L. J. 201 (1992) (stating, “[P]rivacy principles applicable to computer processing of personal information were widely recognized around the world as a necessity for an information-based economy”); Colin J. Bennett, Convergence Revisited: Toward a Global Policy for the Protection of Personal Data?, in Technology and Privacy: The New Landscape 99 (1997).
[155] Education & Welfare Advisory Committee to the Secretary of Health, Records Computers and the Rights of Citizens available at http://aspe.hhs.gov/DATACNCL/1973privacy/tocprefacemembers.htm [hereinafter Advisory Committee to the Secretary of Health].
[156] See Robert Gellman, Does Privacy Law Work?, in Technology and Privacy: The New Landscape 195 (1997)
[157] Advisory Committee to the Secretary of Health, supra note 155.
[158] See Gellman, supra note 156, at 195, (stating “A key objective of the Privacy Act was restricting the government’s use of computer technology to invade privacy. This act was based on the 1973 recommendations of a federal advisory committee”).
[159] Privacy Act of 1974, 5 § U.S.C 552a.
[160] See Daniel J. Solove, et al., Information Privacy Law 579 (2006).
[161] Council of Europe, Committee of Ministers, Resolution 73(22) on the Protection of the Privacy of Individuals vis-à-vis Electronic Data Banks in the Private Sector; Council of Europe, Committee of Ministers, Resolution (74) 29 on the Protection of the Privacy of Individuals vis-à-vis Electronic Data Banks in the Public Sector.
[162] Rosemary Jay & Angus Hamilton, Data Protection Law and Practice 8 (3rd ed. 2007)
[163] Council of Europe, Committee of Ministers, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981).
[164] Lee A. Bygrave, Data Protection Law: Approaching Its Rationale, Logic and Limits 34 (2002).
[165] See Jay & Hamilton, supra note 162, at 8-9.
[166] Directive (95/46/EC) on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data [1995] O.J. L281/31.
[167] See Bygrave, supra note 164, at 58.
[168] See OECD, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) available at http://www.oecd.org/document/18/0,2340,es_2649_34255_1815186_1_1_1_1,00.html [hereinafter OECD Guidelines].
[169] See Roger Clarke, The OECD Data Protection Guidelines: A Template for Evaluating Information Privacy Law and Proposals for Information Privacy Law, http://www.anu.edu.au/people/Roger.Clarke/DV/PaperOECD.html (last visited May 19, 2009).
[170] OECD Guidelines, supra note 168.
[171] See Clarke, supra note 169.
[172] OECD Guidelines supra note 168.
[173] See Marc Rotenberg, Fair Information Practices and the Architecture of Privacy, Stan. Tech. L. Rev 2 (2001)
Not only have Fair Information Practices played a significant role in framing privacy laws in the United States, these basic principles have also contributed to the development of privacy laws around the world and even to the development of important international guidelines for privacy protection… Commentators have also noted a remarkable convergence of privacy policies. Countries around the world, with very distinct cultural backgrounds and systems of governance, nonetheless have adopted roughly similar approaches to privacy protection. Perhaps this is not so surprising. The original OECD Guidelines were drafted by representatives from North America, Europe, and Asia. The OECD Guidelines reflect a broad consensus about how to safeguard the control and use of personal information in a world where data can flow freely across national borders.
[174] See Bygrave, supra note 164 at 32.
[175] See Privacy Act 1988 (Austrl.); Greg Tucker, Frontiers of Information Privacy in Australia, 3 JLIS (1992) (regarding a brief history of the Act’s development and the relationship with the OECD Guidelines).
[176] The Privacy Act 1983 (Can) was developed from the OECD Guidelines with reference to public sector privacy protection only. See Austin, supra note 72, at 123-4 (referring to the impact of the OECD Guidelines on the development of Canadian privacy law in general and the PIPED Act in particular).
[177] See e.g. Mayer-Schonberger, Generational Development of Data Protection in Europe, in Technology and Privacy: The New Landscape, (1997), 221; Colin J. Bennett & Charles D. Raab, The Governance of Privacy : Policy Instruments in Global Perspective (2nd ed. 2006).
[178] The author provides examples of Bygrave’s principles with reference to four key first generation information privacy laws: the Privacy Act 1974, the EU Data Protection Directive, the Privacy Act 1988 (Austrl) and the Privacy Act 1983 (Can).
[179] See Bygrave, supra note 164, at 57 (referring to data protection rather than information privacy laws); Simon Davies, Re-Engineering the Right to Privacy: How Privacy Has Been Transformed from a Right to a Commodity, in Technology and Privacy: The New Landscape 158 (1997) (regarding a critical distinction between the data protection and information privacy); Paul M. Schwartz, Privacy and Participation: Personal Information and Public Sector Regulation in the United States, 80 Iowa L. R. 560 (1995) (regarding a more positive view of data protection as the enhancement of participation in informational and political processes); Roger Clarke, Introduction to Dataveillance and Information Privacy, and Definitions of Terms, http://www.rogerclarke.com/DV/Intro.html (last visited May 19, 2009)
Legislatures of countries on the Continent of Europe, and to some extent also in North America, passed laws addressing information privacy, primarily during the 1970s, though with some laggards deferring action until the 1980s or even 1990s. These laws mostly focus on 'data protection', i.e. they protect data about people, rather than people themselves. This is unfortunate because, although data protection is a more pragmatic concept than the abstract notion of privacy (and it's therefore easier to produce results), it's not what humans actually need.
Clarke touches on the normative values of data protection laws as a protector of individual rights rather than the protection of personal data. In many ways, this type of protection is akin to that described by Zittrain in Privacy 2.0. Accordingly, for the purposes of this article, the author recognises the distinctions that can arise from data protection and information privacy legal concepts but uses ‘first generation information privacy laws’ as a catch all for both types of law.
[180] See Bygrave, supra note 164 at 58.
[181] Id.
[182] Id.
[183] Id. at 59. For example, 5 § U.S.C 552(a)(b)(1)-(4); Art 6(1) and Art 7(1) Directive 95/46/EC, S. 7(a) Privacy Act 1983 (Can.), and S. 14 Privacy Act 1988 (Austrl.), Information Privacy Principles 1 and 9.
[184] See Bygrave, supra note 164 at 59.
[185] For example, 5 § U.S.C 552(a)(b)(2); Art 6(1)(b)-(c) Directive 95/46/EC; S. 5(1) Privacy Act 1983 (Can.) and S. 14 of the Privacy Act 1988 (Austrl.), Information Privacy Principle 2.
[186] See Bygrave, supra note 164 at 61.
[187] Id. For example, 5 § U.S.C 552(a)(b)(2); Art 6 (1)(A) Directive 95/46/EC, S. 4 Privacy Act 1983 (Can.) and S. 14 Privacy Act 1988 (Austrl.), Information Privacy Principle 1.
[188] Id. at 62.
[189] For example, 5 § U.S.C 552(a)(e)(1),(5)-(6), Art 6(1)(d) Directive 95/46/EC, S. 4-5 Privacy Act 1983 (Can.) and S. 14 Privacy Act 1988 (Austrl.), Information Privacy Principle 3.
[190] See Bygrave, supra note 164 at 63.
[191] Id. For example, 5 § U.S.C 552(a)(c)(1)-(4), Art 10 and 12 Directive 95/46/EC, S. 12(1)(A)&(B) Privacy Act 1983 (Can.) and S. 14 Privacy Act 1988 (Austrl.), Information Privacy Principles 5-7.
[192] See Bygrave, supra note 164 at 67. For example, 5 § U.S.C 552(a)(e)(9)-(10), Art 17 Directive 95/46/EC, Section 6(3) Privacy Act 1983 (Can.) and S. 8(1), (2) Privacy Act 1988 (Cth), Information Privacy Principle 4.
[193] See Bygrave, supra note 164 at 67. For example, Art 8(1) Directive 95/46/EC. The information security principle is not recognised as fully as the other principles.
[194] See Bygrave, supra note 164 at 68; Marx, supra note 152, at 13 (demonstrating the rationale for greater control over personally sensitive information).
[195] See Solove, et al., supra note 160, at 578.
Fair Information Practices can be understood most simply as the rights and responsibilities that are associated with the transfer and use of personal information. Since the intent is to correct information asymmetries that result from the transfer of personal data from an individual to an organization, Fair Information Practices typically assign rights to individuals and responsibilities to organizations.
[196] See e.g. Daniel J. Solove, Privacy and Power: Computer Databases and Metaphors for Information Privacy, 53 Stan. L. Rev. (2001) (providing a historical overview of governmental and private sector personal information collection and legal impacts through notions of Big and Little Brother focused regulation).
[197] See Alan F. Westin & Michael A. Baker, Databanks in a Free Society: Computers, Record-Keeping, and Privacy; Report 66-75 (1972) (regarding disclosures of personal information that may have been flexible but the pathways of personal information provision which were relatively static, as in the New York State Department of Motor Vehicles (DMV) case study).
[198] See e.g. Owad, supra note 97 (regarding the use of home computer equipment for relatively complex data mining purposes).
[199] See Zittrain, supra note 135, at 69.
[200] For example, using the four laws highlighted above, see 5 § U.S.C 553(a)(2) “individual” means a citizen of the United States or an alien lawfully admitted for permanent residence; Art 2(a) Directive 95/46/EC “data subject” an identified or identifiable natural person, S. 3 Privacy Act 1983 (Can.) “individual” but undefined and S. 3 Privacy Act 1988 (Austrl.) “individual” means a natural person.
[201] The definition of personal information varies amongst different first generation laws. In 5 § U.S.C 553(a)(1) refers to “agency“, Art 2(a) Directive 95/46/EC; refers to natural person ('data subject'); S. 6(3) Privacy Act 1983 (Can) refers to “an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.
[202]. See 5 § U.S.C 553(a)(9)-(11) refers to “source” and “recipient agency”, Art 2(e),(f)&(g) Directive 95/46/EC refers to “processor”, “third party” and “recipient”, S. 3 Privacy Act 1983 (Can) refers to “government institution” and S. 3-6(C) Privacy Act 1988 (Austrl.) refers to “agency” or “organisation”.
[203] See e.g. 5 § U.S.C 552(a)(e)(9)-(10), Art 17 Directive 95/46/EC, S. 3 Privacy Act 1983 (Can.) refer to “government institution” and S. 3 and 6(C) Privacy Act 1988 (Austrl.) refer to "agency” or “organisation”.
[204] See e.g. Bygrave, supra note 164 (regarding the minimality and purpose specification principles).
[205] Id. (regarding the information quality, individual control and participation, information security and sensitivity principles).
[206] Id. (regarding the individual control and participation principles).
[207] Id. (regarding the disclosure limitation principles).
[208] See Zittrain, supra note 135, at 65.
[209] Id.
[210] Id. at 81 (stating “[w]ith cheap sensors, processors, and networks, citizens can quickly distribute to anywhere in the world what they capture in their backyard. Therefore, any activity is subject to recording and broadcast”.
[211] Id. at 100
[212] Id.
[213] Personal information disclosure has historically been more difficult to approximate than personal information collection because of the different uses that personal information can be put to. However, privacy concerns regarding the disclosure and the re-use of personal information can still fall into a relatively small number of categories, particularly surveillance, data matching and commercial purposes. See e.g. Solove, supra note 196, at 1395 (regarding the scale of commercial re-use of personal information that causes current privacy problems and not just the commercial activity itself); Chris J. Hoofnagle, Big Brother's Little Helpers: How Choicepoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement 29 N.C.J. Int'l L. & Com. Reg. (2004); Derek J Somogy, Information Brokers and Privacy, 1 I/S: A Journal of Law and Policy for the Information Society, (2006) (regarding the rise of data brokers whose scale of development may not have been fully appreciated in the 1970’s); Austin, supra note 72, at 143 (regarding the major concerns arising from public and private sector personal data collection); Gary T. Marx, A Tack in the Shoe: Neutralizing and Resisting the New Surveillance, 59 J. Soc. Issues., 370 (2003) (regarding general surveillance concerns); Paul M. Schwartz, Data Processing and Government Administration, 43 Hast. L. J., 1329-34 (1992) (regarding the reasons for public sector personal information collection).
[214] See Zittrain, supra note 135, at 69.
[215] See Id (citing pressures arising from law enforcement and commerce as significant reasons for these failures).
[216] See e.g., Solove, supra note 196; Marcy E Peek, Information Privacy and Corporate Power: Towards a Re-Imagination of Information Privacy Law, 37 Seton Hall L. Rev. (2006); Davies supra note 179; Chris J. Hoofnagle, Privacy Self-Regulation: A Decade of Disappointment, in Consumer Protection in the Age of the 'Information Economy' (2006).
[217] See Zittrain, supra note 135, at 100.
[218] Id. at 81
[219] Data Protection Act 1998 (UK)
[220] In fact, in some ways it could be argued that the Data Protection Act provided strong privacy protections given the arrest of the two individuals who were alleged to have been responsible for the unauthorised leak of the membership list. The arrests were presumably under offences related to section 55(1) and (3) of the Act, “A person must not knowingly or recklessly, without the consent of the data controller— (a) obtain or disclose personal data or the information contained in personal data, or (b) procure the disclosure to another person of the information contained in personal data”. Section 55(3) states “A person who contravenes subsection (1) is guilty of an offence”.
[221] It should be noted that the lack of a data breach notification law in the UK might also have exacerbated the problem particular in light of the reporting to law enforcement agencies suggested. See e.g. Paul M Schwartz & Edward J Janger, Notification of Data Security Breaches, 105 Mich. L.R. (2007). If law enforcement agencies had been notified at the onset of the problem then perhaps action could have been taken to restrict the use of names and addresses. This is debatable point given the fact that the effectiveness of data breach legislation remains in question. See e.g. Flora J Garcia, Data Protection, Breach Notification, and the Interplay between State and Federal Law: The Experiments Need More Time, 17 Fordham Intell. Prop. Media & Ent. L. J. (2007); Kathryn E Picanso, Protecting Information Security Under a Uniform Data Breach Notification Law, 75 Ford. L. R. (2006).
[222] See Tanasescu, et al., supra note 35, at 247 (regarding reasons for the popularity of geo-mashups that add another, easier to understand dimension to the written words of the Internet)
The popularity of Web 2.0 maps and mash-up applications shows the interest and the appeal of the geographic environment for Web users; mash-ups are used for such a wide variety of goals that it seems that space, mediated through realistic Web maps, may provide the terrain for data integration rooted into human cognition that the more abstract textual Web has not yet succeeded to achieve.
[223] See BBC News, supra note 96 (highlighting the car bombing attack which provides a graphic example of the dangers arising from the provision of inaccurate information. The car attacked was owned by a neighbor of a BNP member and he had parked his car outside of his neighbors house. According to the BBC, the BNP reported that none of its members lived in the street where the attack took place even though one of the houses in the street was on the BNP membership list); Paul Sims, Police Probe 'Vigilante Firebomb' Attack on Home of Man Named on BNP List, Daily Mail 2008, available at http://www.dailymail.co.uk/news/article-1088167/Police-probe-vigilante-firebomb-attack-home-man-named-BNP-list.html (reporting the person who was named on the BNP list and he confirmed that he left the Party the previous year).
[224] Google Streetview itself has been subject to some criticism: See BBC News, Greece Puts Brakes on Street View http://news.bbc.co.uk/2/hi/technology/8045517.stm (last visited May 19, 2009) (regarding the banning of Streetview in Greece); contrast BBC News, All Clear for Google Street View, http://news.bbc.co.uk/2/hi/technology/8014178.stm (last visited May 19, 2009) (regarding a decision by the UK Information Commissioner to pass its use in the UK); . Josh Blackman, Omniveillance, Google, Privacy in Public, and the Right to Your Digital Identity: A Tort for Recording and Disseminating an Individual's Image over the Internet, 49 Santa Clara L. Rev. 315 (2008) (regarding the development of a privacy related tort “the right to your digital identity” in public places to counteract problems emerging from Google Streetview).
[225] The author has not included details of websites where the membership list is still available for obvious reasons but these sites are easily accessible via Internet search engines.
[226] See Zittrain, supra note 135, at 100.
[227] See J Nehf, Recognizing the Societal Value in Information Privacy, 78 Wa. L. Rev., 7 (2003) (referring generally of the societal issues involved with privacy regulation that require flexible and new approaches).
If we look at the way in which information is collected and used in today's society, we see that the problems presented are not typical consumer issues that we can expect individuals to police for themselves with the aid of prohibitory laws. The policy issues have much more in common with societal problems that we have historically regulated in a fundamentally different way. Policy makers should recognize this relationship in the formulation of privacy legislation and create a regulatory environment that provides meaningful protection of our collective privacy interests.
[228] See e.g. For Your Information, supra note 149, at 422 (enshrining the idea of technological neutrality in Australian privacy law “In the ALRC’s view, technology-neutral privacy principles provide the most effective way to ensure individual privacy protection in light of developing technology”).
[229] See Zittrain, supra note 135, at 99.
[230] Id.
[231] Id. at 105.
[232] See e.g. Veasman, supra note 20; Lee, supra note 21; Branwen Buckley, Suetube: Web 2.0 and Copyright Infringement, 31 CVLAJLA (2008); Greg Lastowka, User-Generated Content and Virtual Worlds, 10 Vand. J. Ent. & Tech. L. (2007); Steven Hetcher, User-Generated Content and the Future of Copyright: Part One - Investiture of Ownership, 10 Vand. J. Ent. & Tech. L., (2007); Steven Hetcher, User-Generated Content and the Future of Copyright: Part Two - Agreements Between Users and Mega-Sites Symposium Review, 24 Santa Clara Computer & High Tech. L.J. (2007); Casey Fiesler, Everything I Need to Know I Learned from Fandom: How Existing Social Norms Can Help Shape the Next Generation of User-Generated Content Note, 10 Vand. J. Ent. & Tech. L. (2007).
[233] See e.g. Jessica Litman, Information Privacy/Information Property, 52 Stan. L. Rev. 1297 (2000) (highlighting deficiencies in the inter-changeability of copyright and information privacy concepts); Pamela Samuelson, Privacy as Intellectual Property?, 52 Stan. L. Rev. 1147 (2000) (rejecting the concept of propertizing personal information); Ann Bartow, Our Data, Ourselves: Privacy, Propertization, and Gender, 34 USFLR 634 (2000) (contending the opposite view).
[234] See Zittrain, supra note 135, at 106.
[235] Id.
[236] Id. at 107
[237] Id. at 109
[238] Id. at 118
[239] Janice Warner & Soon Ae Chun, A Citizen Privacy Protection Model for E-Government Mashup Services (2008); Janice Warner & Soon Ae Chun, Privacy Protection in Government Mashups, 14 Information Polity (2009)
[240] See Warner & Chun, Privacy Protection in Government Mashups, at 88
[241] Id. at 76
[242] Id. at 79
[243] Id. at 80
[244] Id. at 82
[245] Id. at 84
[246] See Clarke, supra note 71; Rotenberg, supra note 173 (using the phrase “privacy enhancing techniques”); Herbert Burkert, Privacy-Enhancing Technologies: Typology, Critique, Vision in Technology and Privacy: The New Landscape 125 (1997) (regarding an overview).
[247] Clarke, supra note 71.
[248] Id.
[249] Id.
[250] Id.
[251] The author acknowledges that it would be possible for an individual or an organisation to undertake individual tagging of addresses in similar scenarios but at least that would take time to complete and the time taking would in itself provide some form of limited protection.
[252] See Zittrain, supra note 135, at 118.
[253] Id. at 104.
[254] British Broadcasting Corporation, Guidance Note: Personal Use of Social Networking and Other Third Party Websites (Including Blogging and Personal Web-Space), http://www.bbc.co.uk/guidelines/editorialguidelines/assets/advice/personalweb.pdf (last visited May 19, 2009).
[255] Id. at 5.
[256] IBM, IBM Social Computing Guidelines: Blogs, Wikis, Social Networks, Virtual Worlds and Social Media, http://www.ibm.com/blogs/zz/en/guidelines.html (last visited May 19, 2009).
[257] Australian Public Service Commission, Circular 2008/8: Interim Protocols for Online Media Participation, http://apsc.gov.au/circulars/circular088.htm (last visited May 19, 2009).
[258] Information Commissioner (UK), Using Social Networking Sites Safely, http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/social_networking_v04_final.pdf (last visited May 19, 2009).
[259] Office of the Privacy Commissioner, Your Privacy Rights FAQ, http://www.privacy.gov.au/faqs/ypr/#social_networking (last visited May 19, 2009).
[260] UGC Principles, Principles for User Generated Content Services, http://www.ugcprinciples.com/ (last visited May 19, 2009)
[261] The UGC Principles have a limited consideration of privacy protection issues for individuals and focus mainly on protecting the interests of copyright holders. For instance, Principle 10 states
Consistent with applicable laws, including those directed to user privacy, UGC Services should retain for at least 60 days: (a) information related to user uploads of audio and video content to their services, including Internet Protocol addresses and time and date information for uploaded content; and (b) user-uploaded content that has been on their services but has been subsequently removed following a notice of infringement. UGC Services should provide that information and content to Copyright Owners as required by any valid process and consistent with applicable law.
[262] See Butcher, supra note 92.
[263] See Owad, supra note 97.
Thanks to Google Maps (and many similar services) a street address is all we need to get a satellite image of a person's home. Tempted as I was to provide satellite images of the homes of the search subjects, it just seemed a bit extreme even for this article. Instead, I opted only to pinpoint the centers of the towns in which they live. So at least you'll know that there's somebody in your community reading Critical Thinking or some other dangerous text.
[264] Similar criticisms relating to the Gawker staff can also be raised as they seem acutely unaware of the privacy issues arising from Gawker Stalker. See Videoshift, Kimmel Takes on Gawker Stalker, http://www.videosift.com/video/Kimmel-Takes-On-Gawker-Stalker (last visited May 19, 2009) (regarding Jimmy Kimmel’s interview with Emily Gould, the then editor of Gawker, on the Larry King show); Freydkin & Barker, supra note 138
But Gawker editors were "totally taken aback by the big whole to-do" over the maps, says one of them, Jesse Oxfeld. "We thought we were using a cool new tool, adding a new element" that didn't provide additional information. Stalker sightings, which have always come with a none-of-this-is-verified disclaimer, have typically included specifics; it's just that now they're presented in both visual and text form. The uproar was "hysterical," Oxfeld says. "We had Access Hollywood saying we're destroying celebrity lives." And since the maps — and the PR mayhem — started, sightings have increased, he says.
[265] See Zittrain, supra note 135, at 118.
Enduring solutions to the new generation of privacy problems brought about by the generative internet will have as their touchstone tools of connection and accountability among the people who produce, transform, and consume personal information and expression: tools to bring about social systems to match the power of the technical one.