LAND JOURNAL

Ambient location and data privacy

Google’s geospatial technologist discusses the privacy of our data, ambient location, and why bus stops are outdated

Author:

  • Ed Parsons

08 September 2020

Q: How would you define ambient location?

EP: It’s something I’ve been interested in for years, something that has really developed as a capability with the emergence of smartphones. When we’re using smartphones for any location-based services, be it for navigation or even just geocoding our photographs, those devices can contribute anonymously information to show how we are moving around the world. This then provides someone that wants to design a new system with the capability to see how people are moving around in real time. 

It’s hopefully clear to most people that capabilities are tied to the phones themselves, GPS, wi-fi, or other sorts of technology, but less obviously there’s also important work going on behind the scenes. Most importantly we want to make sure the data about people's location stays private. There’s something called different privacy which we apply to large data sets to make sure that within that data set no individuals are identified. And you can see that most obviously represented when you’re driving, for example. If you’re using Google maps for directions you’ll see all the roads in different colours representing the average speed on any particular section of road. That information is coming from individual mobile phones anonymously providing traffic information.

Q: So each individual’s information is not that interesting, but when you look at a million people’s information on a certain day, is that when the data starts to become useful?

EP: Exactly. There’s definitely a value in the population as a whole providing that information. And we work hard to make sure that if you were the only person who travelled between your home and RICS headquarters that wouldn’t be represented in the data set. We don’t want to identify an individual and your journey is probably not particularly meaningful. We probably want to know the average traffic along any particular section of road. We often look at degrading or aggregating the information over both space and time: we may only be interested in this 10-minute period, not for an individual or a specific journey, but for this particular road. By abstracting that information, we get a global view of the world. It’s similar to a census – we take a statistical sample of what’s going on. Only people that have opted in to have their location history stored in Google maps are contributing – and you have to explicitly opt in to do so. 

Q: How does contact tracing work? 

EP: We prefer to use the term exposure notifications. We have made a conscious decision, with Apple, that the sorts of information that are created is very limited. Specifically, no geospatial information is captured if you’re building your app using the Apple Google framework. It prevents you from capturing information from your GPS because we’re not interested in where you met someone that is a potential carrier of COVID-19 only that you met them. It’s based on very localised proximity – that is, if you’ve been within a few metres of someone that has then been identified as a carrier of COVID-19. We don’t need to know where that took place. 

Q: And does it work? 

EP:  There’s some evidence that it has helped in South Korea and Singapore where people have used contact tracing, both traditionally, which is people phoning up and interviewing you, and where that’s been supplemented by an app like this. But in Europe, particularly because quite a high proportion of sufferers are asymptomatic, I think it’s probably too early to say. No one has really deployed this at scale yet to be able to say with confidence whether or not it’s helping. We assume that it will but at this point we’ve done our bit in creating the framework. It’s now up to the public health professionals to see if this is a useful tool. And perhaps it isn’t, this might be the wrong type of virus for contact tracing to work.

Q: Do you think there are any countries that have managed contact tracing well?

EP: I think you’ve got to look at South Korea or Taiwan where, because of the SARS outbreak in 2002-04, they had a much better sense of how to deal with these viruses. They very quickly had in place mechanisms to quarantine and isolate outbreaks before they really grew into the population. In the rest of the world we were just not ready for that. They had some of the infrastructure of which contact tracing is a part, so they were ahead of the curve. 

Personally, I think with the potential of a second wave we will be in a better position to deal with it because we’ve got some experience. But the more profound problem is that we’ve been working with a lack of data. And that’s something that every government and every organisation needs to work harder at, because fundamentally the way to react to these type of crises is to have the relevant data to hand and then you can make decisions. Of course, I understand why some people may be nervous about that and I think that in a crisis there are no good decisions, we just make the least worst decision. What you might want to do with this technology is, for example, to impose a geofence to quarantine people. That might well be something we agree to during an epidemic like this but that’s not a capability you would want to continue after the crisis. 

My concern is that we need a mechanism, if possible, to put these capabilities back in the box when we no longer need to use them, or at least to be aware of the potential downsides of these technologies. They may be appropriate now but not when we go back to normal. And that’s quite a nuanced decision because there are huge advantages in having the technology available for many types of applications. It’s just become much more visible to people as a result of COVID-19. We’ve made some decisions about deploying the technology to fight the outbreak but we need a broader contextual vision and a wider conversation in society to ask “How many of you want to continue using this?” “What’s the value of it?” and “What are the downsides?”

Google carried out 2 major activities during the outbreak from a geospatial point of view. First was to roll out the community mobility report which looked at ambient location information and then we abstracted it to find out how people were changing their behaviour week to week for each county in the UK. You could see how people were behaving differently in Greater London last week compared to, say, January. People were moving about and using public transport much less. More people are now going to the shops than 3 weeks ago and so on. And that’s really useful for decision makers. And it’s based on that same location history from people using Google maps. When we introduced them there was quite a lot of interest. People asked “What’s happening here? Is Google spying on you?” So we had to be careful in communicating exactly what was happening and show all the mechanisms we had put in place to maintain individual privacy. And it was a capability that had been there for many years inside Google maps but suddenly as a result of making these statistics available, people are noticing it.

I think what’s really changed, partially as a result of mobile phones, but also all of us contributing to information on the internet, is this: initially geospatial information was traditional and you had a restricted supply of geospatial information that came from Ordnance Survey or HM Land Registry, authoritative sources of information. And it tended to be about static objects or features, such as buildings, roads, curbs, lampposts, things that you might walk into or trip over. But in the past 10 years it’s become real-time information about people as well as infrastructure. And a lot of that information has come from people publishing or contributing information. That’s quite a big shift in the industry. Often we’re more accepting of the “things you might trip over” world view. But if you think about smart cities or changing mobility patterns it’s all about people not about buildings.

Q: What happens to people who don’t have smartphones during COVID-19?

EP: One of my concerns about the use of this technology from a societal point of view is that there’s an equability issue because not everyone has a smartphone. If you look around the world, and we’re always interested in global solutions, there are hundreds of millions of people that don’t have smartphones or access to the internet. We need to ensure that whatever we deploy as a service or to mitigate against the virus has to work globally. There could be an economic case to give everyone a smartphone because the value of being able to make sure that everyone is participating in contact tracing and the ability to communicate with them means it’s worth buying them cheap smartphones and paying for a data contract. These are the types of discussion we need to have. And as technologists with 100-dollar smartphones in our pockets, it’s easy to forget we are not representative of the broader population.

Q: How do we deal with eradication?

EP: I think there’s a wider principle that most people are following now that you only take the minimum amount of data that you need for your service. And you have to look really carefully at the historical elements of that data. Do you really need to be storing someone’s location history 2 years after they have been travelling? I’ve been consciously storing my location history for about 10 years now because I like to be able to go back and look at where I was on a particular date or which hotel I used last time I was in Lisbon and I can go to my location history and find out. That’s my conscious decision. But if you’re not really thinking about it it’s probably not appropriate for a company such as Google to store that data any longer than you’d be looking at it. So for services like that there needs to be a mechanism that automatically deletes data if people don’t want it stored. And for COVID-19, or other services that have a temporary requirement, it should be part of the design that the data is destroyed after use. 

I’m not an epidemiologist but many of them say it’s quite useful to have that data for the next 20 years so we can do research which will take a long time. So you might want to keep the data. The important thing is to have those discussions and to think that the data has been created, it’s being stored somewhere and I shouldn’t forget about it just because I’m not thinking about it. There should be a mechanism that puts in place some sort of process by which the data is managed or deleted – something happens to it, it isn’t just sitting there. And wherever data is sitting unmanaged, there's a risk that it could be exploited in the wrong way.

Q: Is there anything else other than geofencing that you’re concerned about?

EP: I like the analogy of the fire alarm, you break the glass to start the fire alarm. But then it’s broken and it's hard to put it back. The geofencing is something that I'm very concerned about, it does make a lot of sense. I can understand it for managing quarantine as it's done in, in Hong Kong, for example. But you wouldn't want to use that in traditional criminal law as a way of imposing house arrest on people. Or would you? Maybe it is appropriate, it could be a cheaper solution than building more prisons. But it's something that I think society needs to have a reasonably informed discussion about. Everything that you put on the internet you are publishing and we need to think about that. That data is now on the internet for other people to use.

Q: How do you see the future of ambient location?

EP: You know, there's a theoretical case study related to this ambient location information idea. Your mobile phone has got lots of clever sensors used for some trivial uses. For example, there's a very sensitive accelerometer that is basically used for the phone to work out when you pick it up. When you pick the phone up the screen switches on automatically.

That accelerometer could be used to monitor earthquakes, because it's that sensitive. But that's not a use that you've agreed to, at any point, so we would have to ask for explicit consent. There's an argument that explicit consent prevents innovation, because sometimes you haven't thought of how you might want to use data. There are no black and white answers to this. I think we need to have those conversations and understand that this isn't simple. And sometimes this data could have value. In emergencies, we're happy to share our location with the emergency services. But we wouldn't want to share our location with emergency services when it's not an emergency. We need a mechanism that knows when this is and when it isn't an appropriate time to share information about my location.

I think slowly, we will start to see more of these sorts of information products that are based around this idea of ambient location emerge, because from a public governance point of view the information is just too useful. We will need to work our way through the very valid concerns that people have from a privacy point of view, explaining what is happening. This is how your data is being used. This is how we're managing processes. But if the Greater London Authority or New York City, for example, could run their metro systems more efficiently because they knew when people were moving around the city in real time, then everyone would benefit.

I often use the bus stop as a totem for how little information we actually have. A bus stop represents the fact that I as a passenger don't know where the bus is. So I go to a bus stop, which is an agreed point to meet it. And the operator of the buses doesn't know where I am, and therefore uses a bus stop as an agreed place to pick people up. But today, I know where the buses are, the buses know potentially where I am, in the same way that Uber operates. And if you could apply some of the technology behind Uber to the way buses operate, buses could be scheduled more efficiently to meet real passenger demand integrated with other types of mass transit, the equivalent of car hire, but also with bicycles and electric scooters, in a more holistic sense. If we had data behind those services, it could be much more efficient than the current system, which fundamentally hasn't changed since Victorian times.

eparsons@google.com

Related competencies include: Big data, Smart cities

Related Articles

PROPERTY JOURNAL

go to article How does RICS regulate and support valuer judgement?

PROPERTY JOURNAL

go to article Exercising professional judgement in valuation practice

LAND JOURNAL

go to article New technology can support natural capital valuation