Oskar Galeev, a PhD candidate at the Alperovitch Institute for Cybersecurity Studies, argues that the evolution of geolocation technologies has been driven by a combination of commercial and security interests and has resulted in the transformation of cyberspace and information security in recent years.
In a debate held at Johns Hopkins University in 2014, a former director of the CIA and of the NSA, Michael Hayden, uttered a statement which ultimately went viral: “We kill people based on metadata!” While the controversy this provoked primarily concerned questions of civil liberties and intelligence oversight, the point that Hayden was trying to make was really about how advanced and fault-proof the technology has become, especially when one’s organisational goal is to identify and locate someone on the planet. But this is a very recent capability. It coincides with the age of smartphones which can show a user’s location on a multitude of maps and satellite pictures and, for the first time in human history, provide an accurate and live mapping of entire countries. It is so new that users and scholars alike find it hard to wrap their head around its revolutionary implications.
Modern geolocation is not one single tool, but a vast group of technologies including Global Navigation Satellite Systems (GNSS) like Galileo or BeiDou , telephony protocols used by our smartphones for connecting callers and location data traded by mobile APPs without our explicit consent or knowledge. Locating devices, and therefore, their users has become exponentially cheaper in recent years. And most of us, including information security practitioners, know very little about who can obtain access to our real-time location data.
After 2005, when Google Maps hit the market and a long period of GPS monopoly ended with Russia's GLONASS reaching full global coverage, the smartphone revolution led to an explosion of access to geolocation data. Unlike the early GNSS signal receivers, which only passively calculate their position, mobile phones now actively send their location data to the carrier network to enable location-based services such as road navigation or delivery services.
Alongside obvious applications where we want our real-time location to be shared, multiple other, often undesirable uses of location data emerged in the 2010s. Location aggregators and data re-sellers joined a massive global market of location data, valued today at more than $30 billion. In many cases the location data of mobile subscribers is sold to dozens of third-party firms in a shady and largely unregulated market.
This explosive growth in access to location data has been driven by both commercial and security interests. While companies and advertisers are mostly interested in our movements for location-based marketing purposes, emergency services often rely on this data to provide immediate help, and intelligence agencies identify targets from aggregate user data. But in all these cases, by constantly transmitting our location data we make our behaviours trackable, becoming much less anonymous in cyberspace than we like to believe.
Geolocation is here to stay. The applications and limitations of the technology, however, might change as it becomes increasingly perceived as a security issue. The rise of the Internet of Things (IoT) and a skyrocketing number of connected devices means that it is not only phones, fitness trackers and cars that can provide valuable customer data. Any future connected wearable devices or “smart home” and “smart cities” solutions will further blur the line between commercial and non-commercial geolocation surveillance. If previously the web Geographic Information System (GIS) and navigation tools essentially utilised military space infrastructure t for commercial ends, e.g. real-time traffic data enabled by GPS after the end of Selective Availability, now it is rather commercial applications of location data that are being used for political and security ends, as in the case of Angry Birds APP location tracker hijacked by the British GCHQ (official intelligence, security and cyber agency) .
The movement between the worlds of commerce and security is driven by the changing economic balance between “searching” and “hiding”, aka geolocating and avoiding being geolocated. Since the 1950s, throughout the expansion of geolocation infrastructure (including non-Internet based ones such as SS7 telephony protocols) and techniques, the costs of locating something or someone on Earth have continued to plummet. The costs of hiding, on the contrary, shot up in the smartphone era as geolocatable devices became indispensable in our everyday lives. More importantly, the triviality of obtaining individual geolocation data allows scaling and cross-referencing movements in space to infer relationships between people, their social networks, habits and predictable behaviors. And if the NSA CO-TRAVELLER tracking programme used this metadata to identify a potential suspect’s contacts, private data analytics firms use the same pool of data and techniques to develop new services or personalised advertisement.
Technology itself is truly neutral. Much less neutral are the political implications of a geolocatable world for individual privacy. Consistent legal treatment of geolocation data as metadata is understandable - it is not “your” data in the same sense as your files or private correspondence are; it is simply data “about” you. But when gathered and analysed at scale, even anonymised geolocation data reveals your past activities, where to find you now and where you are likely to be in the future.
Geolocation has quietly become one of the most powerful—and least understood—technologies shaping our lives. As tracking technology becomes cheaper and more precise, governments, corporations, and even private data brokers are scrambling to define who controls location data and how it can be used. The big question is: should geolocation data be treated as a public good, a commercial asset, or a sensitive piece of personal information? Answering this question will have lasting implications for the future of digital governance.
Photo by Alexandru Ilina on Unsplash