Sunday, July 21, 2013

MapMooc, a Location Anonymity Index, and a World Connectness App

I have "audited" several MOOCs, hanging in there a bit before dropping out because I have just too much going on at work. I am now taking a geography MOOC (, and doing it with a  group of Vanderbilt colleagues, which I think will help complete this course. That I loved geography as a kid will help, and that I have a class project in mind will help too -- of creating a map of digital learning resources across the Vanderbilt University campus; I think I will end up using crowdsourcing to create this thematic map, with graduate student, staff, and faculty input.

My wife and I listened to a couple of intro lectures while packing up in Bellevue, WA before returning to Nashville. I spent most of this morning reading course material and reflecting on some of the course questions for Week 1, and contributing to the discussion board. Here are some of the questions.

1) What is scary about potentially losing control over your geospatial privacy?

2) What are some positive things that could come from openly sharing your personal location with others?

3) What about geospatial privacy has really changed over time? 200 years ago, would it have been possible to live in your current location without your friends and family knowing where you were most of the time?

Given that the number of discussion board posts is huge, it seems like a reasonable strategy is to join a "temporally local" cohort of discussants, so I contributed to another thread begun just this morning, then went to a couple of "suggested" threads based on keyword matches, and started my own thread on defining a "Location Anonymity Index" (LAI) in answer to question (3) above. As you might guess, as a computer scientist, I am very inclined towards developing metrics like the LAI for all kinds of things. Here it is with modest revision of my MOOC discussion board post.

3) What about geospatial privacy has really changed over time? 200 years ago, would it have been possible to live in your current location without your friends and family knowing where you were most of the time?

Much of my time is spent at work and home, and I think that the number of people who know precisely where I am for a large amount of time, is NOT that different from 200 years ago. In theory, there might be some people who I don't know (e.g., in government agencies), but who know or can access my location from social networks and cell phones, so the theoretical possibilities about location awareness are certainly different now than from 200 years ago. Also, a trip across town or across country would have left my precise location uncertain for long periods of time 200 years ago, and these intervals of location uncertainty are very much shorter today.

All considered, I wonder if it's reasonable to define a "location anonymity index" (LAI) that represents the expected error in OTHER PEOPLES' GUESSES of MY location (at particular times or across all times). A impractical way of computing my location anonymity index is to ask each person (on Earth!) where I am located and then measure the average difference between where I really am (known by an oracle) and where each person guessed I was. There are all kinds of complications to be worked out, like how "I" am identified (e.g., by name, by picture, by driver's license #, etc), and how "my location" is identified (e.g., at what grain size -- region, city, GPS,…? how difference between each guess and my actual location is measured?).

By this theoretically possible, but practically impossible measure, my location anonymity index (LAI) has probably not changed much in the past 200 years, because the vast majority of other people would be making wildly uninformed guesses, BUT ALSO because the much fewer "interested-in-Doug" persons (my wife, family, co-workers, friends) would make very accurate guesses on my location the vast majority of the time (Doug is home at …, Nashville, TN; Doug is at work at Vanderbilt), so even if we reduce the number of people who we ask to guess my location to those who are "interested", my location anonymity index probably doesn't change much over 200 years if measured in this way.

I think its interesting and important to consider the case where we change the computation of a location anonymity index (LAI) from simply asking people "cold" (uninformed), to the case where we allow each person to use technology available to them (e.g., Google, Bing, libraries, newspapers, supermarket rewards programs) to find important facts about me (e.g., home, work, blogs, …) BEFORE their guess on my location. This variation gets much closer to measuring the "worst case" situation where someone might be looking for me that wants to cause me harm.

In this latter variant, there is a huge difference in my LAI between now and 200 years ago, EVEN when the computation takes into account uncertainties that have to do with my "identity" (e.g., there is more than one Doug Fisher, in the world, in the US, in academia, in Nashville, etc … and this illustrates another point, which is that a LAI should take into account uncertainties in the extent to which my identity can be isolated).

Returning to questions of "geospatial privacy", which variants of LAI would be intended to measure under different assumptions, I'm not too scared about this -- I share lots of information on the Web that is intended to lessen my geospatial privacy, in particular to lessen the LAI as I conceptualize it. Nonetheless, I have been talking so far about the "average" LAI as a measure of "geospatial privacy", whereas I think most people worry about the "worst-case" -- what if someone with ill intent could locate me or who happened upon my location? Again, my latter variant of LAI with technology-informed guessers is intended to capture this worst case. In this regard, I may become much more worried about geolocation privacy as mobile technology continues to develop. For example, I recently took a photo of the Seelback Hotel lobby in Louisville, KY, and when I posted on Facebook I was prompted to tag (label) the face on an anonymous passersby who appeared in the photo!!!

Technology already exists that would allow the computer itself to do the tagging in that photo and other photos, and that possibility is unnerving, but I see some possible upsides for for giving up geospatial privacy. I am thinking about some of the positive messages conveyed by travelers like Rick Steves on world connectedness. But I also think that even some of the very unnerving possibilities like automated computer labeling of faces have some neat possibilities. I imagine jogging in Centennial  Park in Nashville TN 10 years from now, and having my wearable smart glasses tell me that it "thinks" I've seen that same passerby in Centennial Park, at the Vasa Museum in Stockholm, Sweden 5 years previously. I know this sounds scary too, but I find something in that level of connectedness to other people quite intriguing.

That said, I am a lot more worried about privacy along other dimensions, such as health care (probably for reasons that are specific to the US relative to much of the rest of the World) and finances/banking privacy. 

No comments:

Post a Comment