Protecting Users’ Location Data From An Unconstitutional Search

Editor’s note: Eric Gundersen is the CEO of Mapbox.
Location data is highly sensitive. It contains information about where we live, our daily habits and our network of friends. We discover new places to go; avoid traffic on the way there; swipe to meet new friends once we’ve arrived; and even turn up the thermostat before we get home. When data knows this much about us it requires careful protection.
The U.S. 4th Circuit Court of Appeals is likely just weeks away from a major ruling on whether the Fourth Amendment protects a user’s data, and developers need to be prepared for whatever decision comes down.
There are clear technical approaches to securing location data. Data must not only be anonymized and aggregated, but also secured with techniques like on-device encryption and tamper-proof hardware security keys. Measures like these can protect against unauthorized access. But what happens when the authorities tell you to remove those safeguards, unlock those keys and look at that data?
We live in a climate of heightened government interest in personal data. We need to recognize this, and to design our systems with unavoidable government intrusion in mind. An ACLU records request of 250 police departments nationwide found that “virtually all” respondents said they track cell phone location data maintained by cellular companies, and “only a tiny minority reported consistently obtaining a warrant and demonstrating probable cause to do so.”

Developers who deal with location data have a responsibility to protect user information to the full extent of the law.

The hard work of law enforcement officials protects our safety and security, but this type of data seizure is unconstitutional. The Fourth Amendment requires police to get a warrant before searching private places or documents for everything short of major emergency scenarios. The warrant requirement ensures that officials demonstrate “probable cause” to an independent judge before conducting a search, in a process that mandates a specific description of the information they’re seeking.
Law enforcement officials argue that location data held by third parties should not be afforded Fourth Amendment protections. But in a world where over half of the 1.3 million published iOS apps are location-enabled, location data has to be protected, regardless of where it’s stored, if our constitutional rights are to have any meaning.

The most important thing developers can do to secure user data is to only store it in highly aggregated and anonymized forms – If you don’t have something, there is no reason for someone to break your door down to get it. But even in anonymized datasets there are little details that, when combined with other datasets, can leak information. It’s therefore essential that we protect user data both technically and legally.
Developers who deal with location data have a responsibility to protect user information to the full extent of the law, and to never disclose it to law enforcement officials except in response to a probable cause search warrant, or in case of a life-threatening or similarly dire emergency.
Every American developer should update their law enforcement guidelines and say clearly that they will only disclose user location information in response to a probable cause search warrant.
Studies from Google and the Boston Consulting Group (BCG) estimate that the geolocation space is growing 30 percent each year. We’ve only begun to understand the potential of location data and how it will influence our lives. The benefits will be enormous, and we can deliver them without a cost to users’ privacy — if we’re careful.
Most users are choosing to share their location data in exchange for those benefits. It is now the responsibility of developers to safeguard their users’ privacy. The way we manage this data today is critical to our collective future.