Location Privacy Legislation is Move in Wrong Direction: Part 2 – Stalking and Domestic Violence

Domestic violence awareness ribbon

In my first post on the Location Privacy Protect Act of 2012 I addressed the claims that the legislation is necessary because some companies may share a user’s location data without that user’s knowledge and some companies may share location data about children without their parent’s knowledge. In this post, I will address Sen. Franken’s argument that this legislation is needed to prevent domestic violence abusers from using “stalking apps” to track their victims.

The attempt to link honest uses of location data with domestic violence is a bit disheartening. Let’s face it—nobody is against preventing domestic violence so this unnecessarily makes a rather technical debate about a deeply emotional issue. But because this claim has gotten a lot of attention, I want to dig into it a bit and address it on its merits.

First, for all the talk about this problem, the evidence for the use of stalking apps by stalkers and harassers is somewhat thin. There are some notable cases of victims being stalked but it is not clear how prevalent this is in practice. However, given the increased use in smart phones, I would suspect that it is accurate to say it is increasing although by how much is unclear. The only study that has looked into this question in detail is a report from 2009 using data from the 2006 Supplemental Victimization Survey that was conducted by the Bureau of Justice Statistics in the Department of Justice.  This study reported that around 10 percent of stalking victims who are electronically monitored are monitored using GPS. The problem with this figure is that this particular estimate is based on a very small sample. In fact, of the 65,272 respondents who completed the survey, only 8—yes 8—of these individuals actually reported being tracked by GPS.

In contrast, a significantly larger percent of stalking victims reported other types of electronic monitoring, such as digital cameras and listening devices. Why aren’t these other technologies being regulated by the federal government? The reason of course is that there are many legitimate uses for these technologies

But the same is true for location-based tracking. There are many legitimate uses for location-based tracking. One legitimate use is to prevent theft or loss using tracking software that works like Lo-Jack. Consumers may use tracking software to find a lost or stolen mobile device, car owners may want to track a stolen vehicle, and even bicyclists may want to track a stolen bicycle. And it isn’t only “stalking apps” on mobile phones that can track locations in real-time, other devices do this as well.  For example, the Zoombak is a small GPS-based tracker that retails for around $50 and lets anyone with a computer track a person, pet, or vehicle in real-time.

Even on mobile devices, many of these so-called “stalker apps” have perfectly legitimate uses, such as to allow parents or employers to engage in lawful monitoring. Businesses commonly use monitoring tools on company-provided devices to prevent misuse. A 2007 survey by the American Management Association found that approximately two-thirds of employers monitor Internet activity, 45 percent track keystrokes, and over 40 percent monitor email. For example, some companies monitor their mobile employees to make sure they are actually working while they are on the clock.  These same types of tools are also common for parents to monitor their children (or children to monitor their elderly parents) and ensure their safety. For example, AT&T offers a mobile service “FamilyMap” which allows individuals to monitor the location of family members using the cellular phones. Parents might use this app to make sure their children arrive home from school safely or abide by a curfew. Or families where one member suffers from an ailment like early-stage Alzheimer’s can use these tools to keep track of the other’s whereabouts through mobile tracking. These types of software and services are clearly not intended to be used to stalk others (and, for the record, stalking is explicitly prohibited by the terms of service), but it could be used for this purpose. Indeed, in a 2010 Wall Street Journal article about stalking via GPS one stalker even admitted to using this service for this purpose.

And this gets back to the main problem with this legislation—it appears that it would be completely ineffective at preventing an actual stalker from using location-based tracking. This legislation would not outlaw all types of tracking devices. Consider a device like TravelEyes which can be installed in any vehicle to track and record its movements using GPS. This type of device would not be restricted by the Act although this device was used by a stalker to track his estranged wife.

More importantly, even with this legislation the “stalking apps” would be permitted.  For example, one routinely cited example of a “stalking app” is ePhoneTracker, a mobile app available for Android, iOS, Blackberry, Windows Mobile and Symbian mobile operating systems.  This app is advertised as software that can help parents monitor their children’s behavior and companies monitor their employees’ activities by silently recording all phone activity including text messages, call information, GPS location and Internet activity. Yet even though this is the type of app targeted by this legislation it would be allowed under the various exceptions granted in the legislation. The legislation includes an exception both “to allow a parent or legal guardian to locate a minor child” and “to protect the rights or property of the cover entity…” This type of app would also be allowed to be sold if the company obtains consent from the user. This means, for example, that a stalker could falsely provide this consent, either by falsely claiming to be someone else (such as impersonating a spouse) or by installing this on a shared device. Presumably a stalker who is already committing a criminal act would have few moral qualms about committing minor identity fraud. In addition, even if Congress is able to successfully regulate companies that offer location-based tracking software, services and devices, it will likely find it much more difficult to regulate freely-distributed software. Even if it was illegal to sell these apps, this legislation would do nothing to stop someone from releasing a free, open-source “stalking app” or a similar app marketed using different terms, particularly if the app was hosted on servers in another country.

The legislation also falls into the unfortunate trap of trying to regulate the collection of data rather than specific uses of data. Stalking is already illegal in all 50 states. If there are deficiencies in these laws, then we should have a conversation about how these statutes should be modified so as to ensure that if someone stalks or harasses someone using electronic monitoring they face criminal penalties. But rather than banning location-based tools, it would be better to make location-based tracking part of the solution. States should consider how to use GPS tracking devices to protect victims of domestic violence. At least twelve states already have laws that require certain offenders to wear a tracking device so that police and victims can be alerted if the offender violates a protective order. In this way the stalker’s location can be tracked.

Nobody wants to minimize the importance of protecting domestic violence victims—this is a serious problem that deserves an equally serious response—but there is no reason to link it to a debate about mobile privacy.

Print Friendly

About the author

Daniel Castro is a Senior Analyst with ITIF specializing in information technology (IT) policy. His research interests include health IT, data privacy, e-commerce, e-government, electronic voting, information security and accessibility. Before joining ITIF, Mr. Castro worked as an IT analyst at the Government Accountability Office (GAO) where he audited IT security and management controls at various government agencies. He contributed to GAO reports on the state of information security at a variety of federal agencies. He has a B.S. in Foreign Service from Georgetown University and an M.S. in Information Security Technology and Management from Carnegie Mellon University.