Via The Parallax
By: Kristin Burnham
Last month, North Carolina teenager Macy Smith credited a GPS tracker on her phone, along with a Bible within reach, for her survival after she lost control of her car during a heavy rainstorm. It hydroplaned, flipped, and slid down a ravine, pinning her below it. Hours later, her family used the Find My Friends app to pinpoint her location.
Smith, who suffered neck and nerve injuries from the crash, was lucky that her phone, which she couldn’t reach, had battery power, cellular connectivity, and an active location-tracking app that she’d shared with loved ones. For parents terrified about what might happen when their fledgling drivers hit the road without them, an always-on car-tracking device can help alleviate a fear or two.
By tracking details like location, speed, and sudden braking, these devices can help people keep tabs on where and how their cars are being driven, not to mention whether their teens are obeying curfews. On the other hand, privacy experts caution that car trackers can be used to stalk, intimidate, or otherwise invade drivers’ privacy.
“The No. 1 thing people should remember is that once data exists, it can be a challenge to keep it secure and private,” says Nate Wessler, staff attorney with the ACLU Project on Speech, Privacy, and Technology. “A long-term record over time can give away information about which doctors you visit, which people you spend time with, people’s love lives, and more.”
This data might be valuable to a number of parties: data brokers and marketers, which may gain access to it through corporate data-sharing partnerships; law enforcement agencies, which often (but not always) need to obtain a search warrant to access it; and hackers, who find ways to access it through unsecured cloud storage or data leaks.
“Individual location data is incredibly valuable to companies who are trying to serve up ads and do marketing analysis,” Wessler says. “People should not have their location data leaked in that way without express consent and full knowledge of what’s happening. Location data is part of a huge gray market of data brokers who are packaging it and reselling it to end users.”
Before purchasing a GPS tracker, Wessler advises gathering some data yourself. Read the company’s privacy policy for information on whether it resells or shares user data with third parties, how long it retains data, and what measures of security and privacy it has in place.
Another important consideration, he says, is the legality of installing such devices. According to a report from the National Conference of State Legislatures, it’s legal for individuals to install GPS tracking devices on vehicles they own, either as a private citizen or as an employer.
It’s generally illegal to install GPS-tracking devices on vehicles you don’t own, though you may be able to legally install one on the car of someone (like a child or an incapacitated adult) for whom you are a legal guardian.
The privacy and security concerns of these devices are not unlike those associated with mobile devices and vehicles’ built-in GPS capabilities, Wessler notes.
“Unless you turn these settings off, the phone you carry with you in the car is already tracking your location,” he says. “Modern cars have GPS-enabled systems with mapping functions. Think twice before purchasing other devices that do the same thing—but know that there are things you can do to help ensure that you data is safe.”
If you’re in the market for a car tracker, you might feel a sense of relief hearing that some of today’s best-selling devices (listed below) have a privacy policy that indicates safe data practices, including detailing security tools and disclosing how they use customer data. That said, the policies often prioritize corporate flexibility over technical specificity, says Kendra Albert, clinical instructional fellow at Harvard Law School’s Cyberlaw Clinic.
“Companies that have reasonably good practices for notifying consumers of privacy policy or terms of service changes tend not to make them incredibly specific,” Albert says. “Vagueness can provide companies flexibility to do legitimate things with data that consumers don’t need details on, such as switching from [Amazon Web Services] to another provider.”
Filed in: In the News
Tags: Cyberlaw Clinic, Kendra Albert
Contact Office of Clinical and Pro Bono Programs
Website:
hls.harvard.edu/clinics
Email:
clinical@law.harvard.edu