Law based on Geolocation Tracking by Apps

Nitish Chandan
Int. B.Tech in Computer Science + LL.B Hons. With Specialization in Cyber Law-IV Year
University of Petroleum and Energy Studeis, Dehradun
+918394029559, nitishchandan@hotmail.com

ABSTRACT
Location Services or the Global Positioning Satellite based services in the most layman sense have
become an essential part of our day to day life. While looking for a restaurant or treading paths or
getting area specific content, this location plays an important role. The law however in most parts of
the world is pretty clear and straightforward about using location services to track people. This paper
will touch upon how Geolocation tracking works along with the different scenarios of search.
The next big thing is regulating location to not invade the privacy of any individual. For this, as far as
India is concerned there isnt much happening or being done. The reason for that is not legislation or
short-handedness, it falls back to the fact most of the applications being used by Indian users are built
in and operated from outside the nation and very rarely do we even follow the law of the land. This
paper will also highlight a few cases of International Origin which law down specifically the mandates
that come in with using or allowing the GPS to track anyone.
Keywords: Geolocation, GPS, tracking, privacy, law, content.

1. INTRODUCTION
Geo-location in the technical sense, is the location of a mobile device on the planet pin
pointed to latitude and longitude or within tower IDs. What most people do not understand
about Geolocation is that it need not be exact location to be called a geolocation. Any
technology that will pin point an individual through the location of his mobile device will fall
under the banner term of a Geolocation tracking technology. Now this sets up the premise of
the next chapter in this paper about the different types of geo location monitoring, one which
falls within the limit of the law and the other beyond.
These mobile devices being talked about can be found these days in mobile phones, smart
watches, cars, and different other upcoming technology in the Internet of Things. There have
been numerous instances of location tracking by law enforcement as well as by companies.
Most claims worldwide have gone into the privacy violation category with most users being
frustrated for applications and their network providers tracking them. There is however no

conclusive law for tracking by these application yet. As far as location tracking by law
enforcement goes, the picture is pretty throughout the world.

2. Types of Location Tracking

2.1. Network/SIM
The location of a mobile device can be determined using the service provider's network
infrastructure. The advantage of network-based techniques (from a service provider's point
of view) is that they can be implemented non-intrusively without affecting devices. Networkbased techniques were developed many years prior to the widespread availability of GPS on
handsets and have been widely used over the years for tracking by law enforcement
agencies. They do not need any application to track a user. The SIM in itself has built in
provider specific architecture to communicate with the Base Station which broadcasts its
location.
The accuracy of network-based techniques varies, with cell identification as the least
accurate and triangulation as moderately accurate, and newer "Forward Link" timing
methods as the most accurate. The accuracy of network-based techniques is both
dependent on the concentration of cell base station, with urban environments achieving the
highest possible accuracy, and the implementation of the most current timing methods.
One of the key challenges of network-based techniques is the requirement to work closely
with the service provider as it entails the installation of hardware and software within the
operator's infrastructure.
2.2. Applications/GPS
The location of a device can be determined using client software installed on the handset.
This technique generally requires the mobile device equipped with GPS then significantly
more precise location information can be then sent from the device to the operator.
The key disadvantage of this technique (from service provider's point of view) is the
necessity of installing software on the handset. It requires the active cooperation of the
mobile subscriber as well as software that must be able to handle the different operating
systems of the handsets. Typically, smartphones would be able to run such software, e.g.
Google Maps.
One proposed work-around is the installation of embedded hardware or software on the
handset by the manufacturers, e.g., E-OTD. This avenue has not made significant headway,
due to the difficulty of convincing different manufacturers to cooperate on a common
mechanism and to address the cost issue. Another difficulty would be to address the issue of
foreign handsets that are roaming in the network.

3. What warrants an application to track location?

The simplest answer to this is the privacy agreement. In as far contained in the privacy
agreement that every user agrees to, it is clearly mentioned that the application required
location services and it will be sending the location to its servers. Now there have been a lot
of contest about why does an application need such type of data. And this is established that
any application actually tracking the location of a mobile device actually does it to serve ads
better when it is storing the data.
A short dry run that you could do is, Open the Facebook Application on your smartphone. As
soon as the application is open, without performing any other operation, the location services
start to function and stay on till you turn off the application. This type of tracking can tell
Facebook of the users movement on the go. It is lethal isnt it?
3.1. What if the application tracks you even when it is not turned on?

The central agency to filter such applications and regulate this space is the Federal Trade
Commission (FTC). On February 22nd 2015, the FTC issued guidelines to all mobile app
developers about applications that record and store user location. The report based on 2013
suggests comprehensively convers all scenarios of use by the end user.
FTC says, A mobile app that collects users location data while the mobile app is not in use
should clearly disclose such practices and provide users with choices. Failure to do so could
give rise to an FTC claim of deceptive practices.
In mid-February, the Federal Trade Commission (FTC) published advice regarding mobile
apps collection of users location data when the mobile apps are not in use. The FTC
recommends that such mobile apps clearly disclose such data collection practices and offer
choices to users regarding such collection, especially if such data collection would not be
intuitive to a user. For example, consumers may assume that a mobile app that provides
driving directions will collect their location data, but consumers may not assume that such
mobile app also collects their location data when the mobile app is not in use.1
The FTCs guidance acknowledges that mobile app platforms and mobile operating systems,
such as Apples iOS and Googles Android, may or may not have built-in, system-level
disclosures that provide information to users about a mobile apps collection of location data.
1

FTC ISSUES NEW GUIDANCE FOR MOBILE APP DEVELOPERS THAT COLLECT LOCATION DATA

http://www.pillsburylaw.com/publications/ftc-issues-new-guidance-for-mobile-app-developers-that-collectlocation-data as accessed on 9th January, 2015.

Regardless of such system-level disclosures, the FTC urges mobile apps that collect users
location data when the mobile apps are not in use to disclose such data collection in a
transparent way. Below are the tips provided by the FTC on ways for mobile apps to explain
such data collection practices to users:

For a mobile app that is available through the iOS8 system, the system prevents the
mobile app from accessing a users location data when the mobile app is not in use,
unless the user affirmatively allows such collection in response to a system-level prompt.
The dialog box for this system-level prompt includes space for the mobile app to provide
details on its collection of location data. The FTC recommends that the mobile app use
this space to clearly explain why the mobile app wants to access the users location data,
how the mobile app will use this data, and whether the mobile app shares this data with
third parties.

For a mobile app that is available through an operating system that does not provide
users with system-level disclosures and choices about the collection of their location
data, the FTC recommends that the mobile app explain its data collection practices and
offer users choices within the mobile app regarding the collection of their data. For
example, the FTC recommends that before the mobile app begins collecting a users
location data when the mobile app is not in use, the mobile app may give users an in-app
notification that explains why it wants to access location data and give the user an
opportunity to opt in to such data collection.

Regardless of what platform consumers use to obtain a mobile app, the FTC
recommends that the mobile apps privacy disclosures and other information pages
clearly describe the mobile apps data collection practices in plain language, so that
users will understand whether the mobile app collects their location data when the
mobile app is not in use and for what purposes.

This recent guidance expands on the FTCs recommendations included in its Mobile Privacy
Disclosures report published in February 2013. In that report, the FTC recommended,
among other things, that mobile app developers provide just-in-time disclosures and obtain

users affirmative express consent before collecting and sharing sensitive information, such
as location data (to the extent the platforms have not already provided such disclosures and
obtained such consent). In the 2013 report, the FTC clarified that, to the extent its guidance
goes beyond existing legal requirements, it was not intended to serve as a template for law
enforcement actions or regulations under laws currently enforced by the FTC.
However, in late 2013, the FTC pursued enforcement action against at least one mobile app
developer that did not clearly and accurately disclose its collection and use of location data
to users. In December 2013, the FTC filed a complaint against Goldenshores Technologies,
LLC, a company that provided a popular Brightest Flashlight Free mobile app, and its
owner. The FTCs complaint alleged, among other things, that the companys acts and
practices constituted unfair or deceptive acts or practices in or affecting commerce in
violation of Section 5(a) of the Federal Trade Commission Act because it provided a privacy
policy that did not reflect the mobile apps use of personal data, including location data, and
presented consumers with a false choice on whether to share such data. In 2014, the FTC
approved a final settlement that required the company to, among other things, provide a justin-time disclosure that fully informs users when, how, and why their location data is being
collected, used, and shared and obtain users affirmative express consent before doing so.
This settlement, together with the FTCs published guidance, emphasizes the importance for
mobile apps to provide clear, transparent, and accurate disclosures about their collection of
location data and to provide users with choices related to such data collection. Potential
penalties for failing to comply with the FTCs laws, rules, regulations, and guidance may
include significant fines, required deletion of all consumer information improperly obtained,
ongoing FTC audits and inspections, and other compliance obligations.2

3.2. U.S. vs. Jones

It was a United States Supreme Court case which held that installing a Global Positioning
System (GPS) tracking device on a vehicle and using the device to monitor the vehicle's
movements constitutes a search under the Fourth Amendment.
In 2004 defendant Jones was suspected of drug trafficking. Police investigators asked for
and received a warrant to attach a GPS tracking device to the underside of the defendant's
car but then exceeded the warrant's scope in both geography and length of time. The
Supreme Court justices voted unanimously that this was a "search" under the Fourth
Amendment, although they were split 5-4 as to the fundamental reasons behind that
conclusion. The majority held that by physically installing the GPS device on the defendants
2

FTC Orders available at https://www.ftc.gov/system/files/documents/cases/140409goldenshoresdo.pdf

car, the police had committed a trespass against Jones' "personal effects" this trespass, in
an attempt to obtain information, constituted a search per se.

3.3. U.S. vs. Pen Register

Is the government allowed to track your cell phone's location without a warrant based on
probable cause? That's the question in a recent series of cases, where federal judges have
begun to expose and reject secret surveillance requests.
This issue came to light in August 2005, when the first judge to publish a decision on the
issue Magistrate Judge Orenstein in the Eastern District of New York publicly denied a
government request that lacked proof of probable cause. In doing so, Judge Orenstein
revealed that the Justice Department had routinely been using a baseless legal argument to
get secret authorizations from a number of courts, probably for many years. Many more
public denials followed from other judges, sharply rebuking the government and
characterizing its legal argument as "contrived," "unsupported," "misleading," "perverse,"
and even a "Hail Mary" play. But the government continues to rely on the same argument in
front of other judges, sometimes successfully.

3.4. Intermex Complaint

According to news on the BBC website3 and complaint documents uploaded to a website4
as of May 2015, a sales executive in the State of California is suing her employer for
invasion of privacy claiming that she was fired for removing an app that monitored her
location. The matter is undecided yet, but when it comes to question and is finally decided it
could form the premise of big precedent. The action alleges that Intermex, a firm which
arranges money transfers, tracked employees even when off-duty. According to court
documents published by website Ars Technica, employees were instructed to download the
app, called Xora, to their phones in April 2014.
Xora is described on its website as a workplace management app which allows companies
to "remotely manage" their workers by keeping track of their hours and other aspects of their
job.

3
4

http://www.bbc.com/news/technology-32704572
http://cdn.arstechnica.net/wp-content/uploads/2015/05/Intermexcomplaint.pdf

4. Results and Discussion

If we go beyond the usual tracking, things like vehicular tracking could be included in the
paper but that is generally hardware dependent. Although the growth on cases about
vehicular tracking is tremendous and has a lot of work already being done.
Tracking by apps however is at a nascent stage in India more than any other country. We
are not talking about privacy; leave alone the breach of it. Internationally, as mentioned there
have been the few cases as mentioned. The FTC guidelines today stand as the biggest
benchmark in relation to regulation of the applications that go online. But it is not going to be
enough, even after the guidelines and community standards in place there are applications
that monitor usage and are often malware yet still exist on the different application stores.
The FTC recommendation to notify user each time location is being used is the best solution
to location based tracking problems.
The next dimension of this could be tracking for lawful purposes by the Law enforcement
based on some complains and legal actions which in my opinion and understanding should
be in place for national security, integration as well as delivery of justice.