Geotagging and Location Based Services Privacy Concerns

Geotagging and location based services are exploding, and universities must address the privacy and security issues in their mobile computing strategies. Additionally, colleges and universities should take deliberate steps to help students and their employees better understand how to manage the privacy of their location when using GPS-enabled devices, geotagging and location based services. But it doesn’t end there.

What is Geotagging

Geotagging is when information about your location is stored, in the form of latitude and longitude, inside the file of a digital photograph. In basic terms, the photo is tagged with the GPS coordinates of the location where it was taken; these are stored in the metadata of the JPEG, which you can inspect using an Exif viewer. This happens by default in nearly all camera phones.

Geotagging is a big part of what now allows search engines and other applications to display photos on their maps like these from Google Maps for Iowa State University.

Iowa State University

I am pretty sure at least one of these photos is not from the ISU brochure.

Student Privacy Concerns

Location awareness is a powerful capability that can be used for a lot of great things. But it would be naive to ignore that location awareness can also be used for evil. Sometimes examples are more useful than a narrative. So I fired up Bing Maps and loaded the Twitter Maps application to search on some selected colleges.

Odessa College

Odessa College’s recent Tweets include one student’s disappointment in having to drop out, another complaining about a boring teacher, and one student calling out another for her exposed love handles in class. I have shown them here because they are already public and to illustrate a few points.

Odessa College Tweets

This is only a sampling and there are certainly a few others that might be a bit more shocking and offensive including a weekend long series of Tweets by one football player. Which is partially the point.

Another point is to demonstrate a college’s ability to monitor social media in a different context, perhaps for crisis intervention, to detect cyber bullying or to identify student assistance needs.

There is also a student safety point to be made where colleges might advise students to disable the GPS function or Location Services on their phones and warn them of its risks just like you warn them of malware and phishing attacks.

Since this post is not intended to show you how to become a stalker I will simply say that campus safety officers and perhaps the IT department ought to have some awareness of how Tweets can lead to such things and worse.

Just be careful implementing social media monitoring tools to avoid issues of surveillance especially if you are a public entity, and especially if it pulls in employees. And just to be clear, I am not advocating you do any of this.

Iowa State University

For Iowa State University I used Bing’s Twitter Map to just show recently Tweeted photos. Here are just a couple of photos from President Obama’s visit back in August.

Iowa State University Obama Visit

Again, this is just one example and just one source of locating images from any given campus. To stick with Twitter for another illustration, sites like PicFog overcome some of the limitations of the Twitter Map application. (Caution: Just be careful when using tools like PicFog at work since it is unfiltered.)

One recent search I ran looking for some data center images produced some interesting photos of the data center at a major university in Ohio, taken by a bored sysadmin late one night. The reason I share this is because, in the world of social engineering, sites like PicFog can be incredibly useful in finding then tracking targets.

What are Location Based Services

Location based services are mostly associated with mobile applications that use the user’s geolocation to drive the service being offered to the user.

Some popular location based mobile applications that make use of the user’s location include a variety of meet-up and check-in applications like Foursquare. Which reminds me, do you know who is the FourSquare “mayor” of your college or university?

But there is a growing list of other location based mobile applications for local search, targeted advertising, and even avoiding traffic jams and finding a mate. Many students are already using FourSquare to locate classmates and study partners.

Institutional Privacy Concerns

Colleges and universities must exercise due care when implementing mobile applications so that they can continue to comply with federal and state privacy laws and conform to their institutional values and privacy policies.

Remember – ignorance is no excuse, and that includes the possibility that your mobile application is likely to be considered a website, which would require it to comply with the same privacy laws as your main website.

The privacy complexities of mobile applications are not limited to the fact that many of them capture location data; many may also be required for classes. This may prevent a student from being able to opt out, and it creates an additional layer of data protection and retention for the institution.

Since this post is about location based services, let me ask: can a student use your mobile applications with their location services disabled? If not, why not?

Clearly if you are using a platform such as BlackBoard Mobile Central or Ellucian Mobile Connection to deliver your mobile applications you have access to the user location data if it is enabled.

What is not clear to me from reading each company’s website is what happens to the location data if you are using BlackBoard Mobile Learn or Ellucian Mobile Access. I will say I could not find the privacy policy for BlackBoard Mobile Learn online covering the central web services, which I went looking for because of questions about their FAQ’s answer to a FERPA question that seemed too good to be true.

Since it appears a phone call is required I will save that for another day and encourage you to find out for yourself.
