- SCU Home Page
- About SCU
- On Campus
- News & Info
by Dorothy J. Glancy
Where you are and where you have been say a lot about who you are. So most people care about information regarding their whereabouts. They are concerned about new surveillance technologies being developed that can track travelers along public roads almost all the time and almost everyplace. These new technologies include private-sector applications, such as systems that assist in the recovery of stolen vehicles, as well as systems that provide real-time traffic information, such as television traffic reports.
Some of the technologies, particularly electronic tracking devices, are used by law enforcement to trail suspects. Others, such as Intelligent Transportation Systems (ITS), are operated by local and regional transportation agencies to combat traffic congestion. An estimated $81 billion (mostly federal money) has been invested in ITS since the program was established in 1991. Primarily designed to enhance transportation safety and efficiency, ITS can also be used to follow a specific individual and to record where that individual is and has been. ITS-generated information can even be used to predict individuals’ future movements and locations. What is unprecedented about these technologies is that they are so numerous and so widespread. Not just gatherers of information about traffic flows, these technologies can also monitor specific vehicles or individuals over a wide area.
Just as these ITS systems monitoring public roads and highways have become commonplace, concerns about homeland security and anti-social behavior have stimulated government interest in the whereabouts of particular individuals for law enforcement and intelligence purposes.2 In the private sector, real-time and historical information about a person’s travel patterns is extremely valuable to "location" marketers and to those engaged in geo-demographic marketing. As Thomas Friedman has suggested, privacy rights can be threatened not only by an Orwellian "Big Brother," but also by "little brother," the private-sector information collector.3 When Big Brother and a gang of little brothers get together to gather and to share transportation information, the privacy of individuals can be at risk when personal information is not properly protected. The Department of Defense’s now-defunct TIA ("Total Information Awareness" later reconstituted as "Terrorism Information Awareness") raised fears about threats to privacy from combining government and private information sources. Similar objections to the MATRIX (Multistate Antiterrorism Information Exchange) program and the Transportation Security Agency’s CAPPS II program (Computer Assisted Passenger Prescreening System) reflect continuing unease about collaboration between public and private databases containing personal information.
From a legal perspective, privacy expectations of people on public roadways seem at the outer limits of privacy rights. In the context of Constitutional protections against unreasonable searches and seizures, Chief Justice Rehnquist has even said that: "A person traveling in an automobile on public thoroughfares has no reasonable expectation of privacy in his movements from one place to another."4 However, that does not mean that people on the open road have no privacy protection whatsoever. As Justice O’Connor reminded in a 2000 decision that struck down as unconstitutional a drug interdiction roadblock,5 just because privacy has rarely been protected on public roadways does not mean that privacy should never be protected there.
It is important to keep in mind that for almost forty years courts have insisted that the Fourth Amendment "protects people, not places."6 Of course, expectations of privacy in some places, such as a person’s home, seem more intuitively obvious than expectations of privacy in public places, such as roads and highways. Indeed, the circumstances in which courts and legislatures recognize privacy rights in public places, such as roads and highways, typically present "hard cases"7 for protecting privacy. But even in cases involving the open road, some privacy rights remain.
Tracking Techniques and Technologies
Watching people who travel on public roads is often described as "fair game," although stalking someone for harassment purposes is illegal.8 Technology offers many more ways to keep track of people as they move about the world.
Physically following another person is a low-tech way of tracking a targeted person. Investigators call this type of surveillance "tailing" or "shadowing." However, in addition to its intrusion on the privacy of the person being followed, physical following has practical drawbacks. First, physical surveillance is expensive, usually requiring at least one follower (and often several) for each person being followed. Second, once the person being followed realizes that she is being followed, she usually reacts either by eluding or by attacking her trackers. Moreover, keeping track of all of the locations where a person has been can pose significant information-management challenges. Such practical problems limit the use of physical surveillance to very few targets.
Advances in technology now make it possible to target and track many more people—in fact, nearly everyone on a road or highway, both in real time and historically, as this information is retained in databases. Several attributes of modern roadway surveillance technologies enhance their effectiveness. First, modern surveillance technologies often are nearly invisible. Second, tracking technologies are widely available in the U.S., in part because of generous federal funding for ITS. Third, emphasis on nationwide interoperability of roadway monitoring systems, together with use of digital formats for data collection, makes roadway surveillance information widely available in searchable relational databases. Fourth, because digital surveillance data is often cheaper to retain than to edit or to destroy, information derived from tracking and monitoring may have a nearly perpetual existence. Fifth, these systems tend to operate routinely and automatically, as they indiscriminately collect information about all those who travel past a broad range of locations around the U.S.
Law Enforcement Surveillance Technologies
Law enforcement agencies have long used an array of surveillance techniques in their efforts to catch and convict criminal suspects. These techniques include physical tracking on the ground or by aircraft. On the technological side, perhaps the most frequently used law enforcement surveillance technology is the electronic tracking device, which is actually a group of technologies that includes "beepers" and GPS (Global Positioning Systems) devices. These devices are designed to track a targeted person or object from a remote location without the target becoming aware of being tracked.
For more than fifty years, law enforcement agents have used electronic transmitters (beepers) attached to a person, an item, or a vehicle so that an officer could track them remotely. A receiver operator, located at a distance from the target, simply follows the electronic signal continuously emitted by a transponder. (The beeping sound emitted by the receiver gave rise to the name "beeper.") These devices have been particularly useful in cases involving illegal substances such as drugs and the ingredients for making them. Beginning in 1986, federal electronic surveillance statutes recognized use of these electronic tracking devices.9 Court orders authorizing them are issued under Rule 41 of the Federal Rules of Criminal Procedure.
GPS devices that permit automatic computerized logging of the position of a vehicle or object are a technological step beyond beepers. Vehicle owners sometimes install such devices for navigation and emergency purposes and to facilitate retrieval if a vehicle is stolen. Law enforcement agencies also attach GPS tracking devices to suspects’ vehicles. Unlike a beeper, an attached GPS device automatically produces a log of the various locations of the vehicle over time, without the need for continuous human monitoring. After detaching the GPS device from the vehicle, law enforcement agents download a digital itinerary of all the time and places the GPS device and vehicle have traveled.
The legality of tracking devices was established by the United States Supreme Court twenty years ago in a pair of decisions that set general parameters for the permissible use of beepers and similar location-surveillance devices. In 1983, the Court first evaluated this form of electronic surveillance and upheld the use of beepers in snaring targeted illegal drug suspects.10 Chief Justice Rehnquist’s opinion for the Court noted, however, that use of beepers on a wide-spread basis for pervasive surveillance might become a potential abuse. Later, the Court limited the warrantless use of beepers to areas outside the home. According to the Court, monitoring a beeper becomes a search requiring probable cause and a warrant when it reveals "a critical fact about the interior" of a home that could not have been obtained by visual surveillance from outside.11
State court decisions are divided regarding lawful use of tracking devices by law enforcement. In 1988, the Oregon Supreme Court concluded that "the use of the radio transmitter to locate defendant’s automobile was a search . . . Because the police did not have a warrant, . . . use of the transmitter violated defendant’s rights under [the Oregon Constitution]."12
The Oregon Court was concerned that "[N]o movement, no location and no conversation in a ‘public place’ would in any measure be secure from the prying of the government. There would in addition be no ready means for individuals to ascertain when they were being scrutinized and when they were not.
That is nothing short of a staggering limitation upon personal freedom." A California statute similarly prohibits the unconsented use of tracking devices, with an exception for lawful use by a law enforcement agency.13
In contrast, the Supreme Court of Nevada approved the warrantless use of an electronic tracking device in connection with a serial rape investigation concluding, "we can see no objective expectation of privacy in the exterior of an automobile."14 Similarly, the Ninth Circuit approved placement of an electronic tracking device on the undercarriage of a vehicle without a warrant in a case involving marijuana cultivation in a National Forest.15 Law enforcement agencies also routinely use private GPS systems to recover stolen vehicles and to prosecute carjackers.
These days, law enforcement does not use beepers as frequently as many other technologies designed to track location and movement, such as GPS devices, cell phones, toll tags, and the like. The extent to which law enforcement agents also will be allowed to access information from non-law enforcement roadway surveillance systems, such as Intelligent Transportation Systems, remains unclear.
It is worthy of note that the Ninth Circuit recently rejected efforts of the Federal Bureau of Investigation to gain access to a type of vehicle-based communications and roadway assistance system known as telematics.16 The FBI sought to use the communications aspects of a vehicle-based mobile communications system to eavesdrop on persons inside a telematics-equipped vehicle. But the Ninth Circuit rejected the request because such monitoring would interfere with the operation of the vehicle’s emergency communication system.
Intelligent Transportation Systems
Intelligent Transportation Systems (ITS) embrace a wide variety of technologies, not all of which involve keeping track of people’s whereabouts. Originally called Intelligent Vehicle Highway Systems (IVHS), as initially designed, these technologies did not target individual vehicles.17 Rather, ITS technologies were used to collect impersonal, aggregate information about traffic flows, such as the rate of use of a segment of highway or of an on-ramp or off-ramp to a bridge or tunnel. Typically under the control of transportation agencies, often at the local or regional level, ITS systems have received billions of dollars in federal funding from the United States Department of Transportation (USDOT). But USDOT does not micromanage ITS systems nor emphasize surveillance of individuals.
More advanced ITS technologies often collect individual location and origin-destination data, such as the commute pattern of an individual. For example, among the best-known of the new ITS technologies are the telematics-based emergency roadway assistance systems with GPS navigation and satellite communications, such as OnStar™ from General Motors. These newer ITS technologies can focus on an individual traveler’s activities and location, can keep track of locations visited, and can maintain itineraries of past travel. Such information can then be used to predict the individual’s future journeys and locations. Although law enforcement is not the primary mission of most ITS technologies, law enforcement agencies often participate in particular ITS projects. For example, the TravInfo traveler information system that has brought 511 traffic information to the San Francisco Bay Area is a joint project of the Metropolitan Transportation Commission, Caltrans (the California State Department of Transportation), and the California Highway Patrol.
Perhaps the most common form of ITS technology is the closed-circuit camera that captures either moving or still images of roadways and the people and objects on them. Located high above roadways, closed-circuit television cameras are often difficult to see from the road. These unobtrusive traffic cameras are usually operated from a traffic management facility located away from the camera. The camera’s operator uses remote controls to monitor particular locations (bridges, tunnels, on-ramps and off-ramps) or incidents (accidents or bottlenecks). The camera operator can zoom the camera in to capture the vehicles and the faces of people involved in traffic incidents. Real-time panoramic views from such cameras showing traffic flows, or traffic jams, are often broadcast on local television stations and are popular places to visit on transportation agencies’ Web sites.
Traffic cameras that focus on particular vehicles are part of a group of ITS technologies known as Automated Vehicle Identification Systems (AVIS). These include both television and still cameras installed at the entrance to parking facilities, airports, or toll facilities. They automatically take a digital photograph of each vehicle that enters. These photos may be used to deny entrance to unauthorized vehicles. Digital cameras are also used to automatically photograph any driver who runs a red light or exceeds the speed limit (called photo radar). The resulting digital pictures can be enhanced by license plate recognition. Whenever these traffic cameras focus in on an individual vehicle or person, the privacy interests of that individual may be affected.
License Plate Recognition
Automatic license plate recognition is a specialized application of digital cameras. License plate recognition is used for traffic management, weigh-in-motion commercial vehicle inspections, security, parking, border control, and other purposes. A recently implemented system to reduce traffic congestion in central London uses license plate recognition as the basis for charging a fee to vehicles that enter central London during peak hours.
From the perspective of privacy law in the United States, license plate readers are interesting because most courts do not consider a license plate to be private information. The argument is that a license plate is in open view for whoever wants to take notice. However, in France, the European Data Protection Directive has been interpreted to protect the privacy of a person’s license plate number.
A different type of ITS technology uses toll tags, an increasingly common feature of travel along U.S. roadways. Toll tag technology is another type of Automated Vehicle Identification Systems (AVIS). Instead of law enforcement agents installing them, motorists voluntarily place toll tags on their windshields for the purpose of paying tolls. About twenty types of electronic toll collection systems are in use in the United States, mostly to pay bridge and highway tolls. Electronically, a toll tag is a simple two-way radio receiver/transmitter programmed to respond to an activation signal with specific information—typically the transponder’s unique numeric identifier. In most toll tag systems, the transponder remains the property of the toll collection agency and is licensed for use by drivers. In its toll collection function, the tag is identified each time it passes through a toll collection facility, which automatically deducts the toll amount from a prepaid "debit" account.
Any toll tag that is within range of a transponder reader (this means it is on the windshield and not tucked away in the vehicle’s glove box) can be addressed to respond with the device’s unique numeric identifier. It is, therefore, possible to follow the locations of toll tags as they move past transponder readers located at places other than toll collection or debiting stations. The TravInfo ITS project of the Metropolitan Transportation Commission in the San Francisco Bay Area has found that a network of roadside toll tag readers is a useful way to collect information about traffic flows, volumes, and speeds.
There is no immediate connection between a toll tag’s numeric identifier and a particular vehicle or person. But the toll tag issuer typically associates the identifier with the name, address, credit card number, and other information about the toll tag holder, as well as vehicles in which the tag may be used and the drivers who may drive those vehicles
Vehicle Black Boxes
It is estimated that forty million vehicles in the United States have built-in "systems status" and "event data" recorders, informally called "black boxes" after the flight data recorders in airplanes. These vehicles’ computer modules automatically record general "vehicle systems status data" such as vehicle behavior, speed, mechanical operation, emissions, and seat-belt use. The black box is the critical-event module that collects information about the vehicle in the seconds before the vehicle’s airbags deploy. Many drivers know that their automobiles are equipped with expensive-to-repair computers. But drivers usually do not know, because manufacturers often do not disclose it, that built into the computer is an event data module that automatically captures their driving patterns and seatbelt use, as well as the mechanical status of their vehicle at the time of an accident. Drivers also do not know that vehicle manufacturers and insurance companies can download and use black box data to ascertain the causes of accidents
The legal issue regarding who has control over the event data collected by a vehicle’s black box remains unresolved everywhere except in California. In 2003 California adopted a statute that provides that beginning in July 2004, vehicle manufacturers must provide information about event data recorders in vehicle owner’s manuals. Moreover, the statute makes clear that the black box data is owned by the vehicle owner. Anyone else who wishes to access the black box data must secure the owner’s consent or subpoena the data from the vehicle owner.18
It is already possible to connect the computerized diagnostic functions of a vehicle’s computer system, such as the black box, with telematics communication systems. In a telematics-equipped automobile, vehicle status information is automatically transmitted via wireless communication to an external computer database. In mid-February 2004 the Federal Communications Commission released new licensing and service rules for Dedicated Short Range Communications (DSRC) for ITS. These rules authorize licensing both roadside units (RSUs) and vehicle-based on-board units (OBUs). The United States Department of Transportation has indicated that it plans to require such OBUs on all vehicles sold in the United States. Once implemented, these new ITS communications technologies will permit automatic warnings, such as of lane changes, from one vehicle’s OBU to a nearby vehicle’s OBU. The DSRC communications will also be able to automatically transmit vehicle status data, such as emissions levels, to roadside unit collectors of environmental data
In addition to traffic information collected by ITS systems, federal communications law requires wireless technologies to provide automatically the location of mobile telecommunications devices. The Wireless Communications and Public Safety Act of 1999 designates "911" as the nation-wide emergency telephone number for wireless telephones (it is already the emergency number for landline telephones). The Act also contains an "E911" mandate that requires automatic location identification (ALI) so that wireless carriers can locate all wireless "911" callers for emergency services purposes. This automatic location information is the basis for currently available ITS telematics systems
Because Congress was concerned that automatic location identification could be used to track wireless communications device users, it also included statutory protection for the privacy of consumer proprietary network information (CPNI), including ALI location data.19 Use of CPNI information is restricted to wireless carriers. Law enforcement is authorized to access this location information under a separate statute, the Communications Assistance for Law Enforcement Act.20 Already, use of cell phone location records in prosecuting criminal cases has become fairly common
The potential for storing itineraries of the locations to and from which a person has traveled in the past is embraced by one of the newest ITS user services—Archived Data User Service (ADUS). Transportation planners use origin-destination information in designing highway and public transit systems. Marketing companies also use such demographics to predict and to affect future travel and purchasing decisions. Current ADUS projects do not focus on collecting and storing individual itineraries of identified persons. But recently approved ITS communications services are likely to generate increasing amounts of such information, particularly if the Department of Transportation requires all vehicles to be equipped with DSRC on-board units that automatically transmit such data to roadside units
In addition to marketing organizations that consider location information and itineraries to be quite valuable in consumer profiling and marketing, domestic relations lawyers are keenly interested in such data. Law enforcement agencies also will be likely to find archived itineraries useful, for example, in placing a suspect at or near the scene of a crime
Privacy Protection Strategies
Privacy protections can be built into ITS systems and services. Probably the most effective strategy is to avoid collecting individualized information about travelers as much as possible. In addition, assuring notice about, consent to, and security of any personal information that is collected helps protect privacy. To the extent that personal information is collected, the persons who are the subjects of the information should control the use of data derived from their own activities on the open road
Because ITS systems are "intelligent," they can be designed to strip or to encrypt personal identification information and to destroy information after the purpose for its collection has been accomplished. Remote cameras can be restricted to collect only traffic flow information (speed and number of vehicles at given locations) and not to zoom in and identify any particular vehicle or individual along the roadway. License plate readers can be programmed to scramble or encrypt the license plate’s digits and letters so as to preclude any connection with a particular individual or vehicle
The technology picture of ways to keep track of the whereabouts of vehicles and individuals on public roadways is remarkably dense with new systems that will require both legal and technical solutions to protect an individual’s privacy. Current interest in national security, as well as in profitable uses of tracking and monitoring technology by both government and private-sector users, may make protecting the privacy of one’s whereabouts difficult. Nevertheless, it is possible to build in privacy protection so that, as these new technologies are deployed, appropriate privacy protections are part of them. Responsible privacy management should include education of ITS, communications, and law enforcement personnel in handling information about individuals, their present whereabouts, past itineraries, and future travel plans.
1 An extended version of this article will appear as "Privacy on the Open Road" in the Ohio Northern University Law Review later this year.
2 One sign of these concerns was the enactment of the USA Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001).
3 Thomas L. Friedman, "Little Brother," New York Times, Sept. 26, 1999, Sec. 4 at 17; Thomas L. Friedman, The Hackers’ Lessons, New York Times, Feb. 15, 2000, at A31.
4 U.S. v. Knotts, 460 U.S. 276 (1983), 281.
5 Indianapolis v. Edmund, 531 U.S. 32 (2000).
6 Katz v. U.S., 389 U.S. 347 (1967), 348, a case protecting the privacy of a person in a public phone booth.
7 The concept of "hard cases" comes from Ronald Dworkin, Taking Rights Seriously (Cambridge: Harvard University Press, 1977), 81-130.
8 California Civil Code §1708.7 and California Vehicle Code § 646.9.
9 Electronic Communications Privacy Act, Pub. L. No. 99-508 (1986); 18 U.S.C. 3117.
10 U.S. v. Knotts, 460 U.S. 276 (1983).
11 U.S. v. Karo, 468 U.S. 705 (1984).
12 State v. Campbell,759 P.2d 1040,1049 (Or. 1988).
13 California Penal Code §37.7.
14 Osburn v. State, 44 P.3d 523, 526 (Nev., 2002).
15 U.S. v. McIver, 186 F.3d 1119 (9th Cir. 1999).
16 In re United States for an Order Authorizing Roving Interception of Oral Communications, 349 F.3d 1132 (9th Cir. 2003).
17 See Dorothy J. Glancy, "Privacy and Intelligent Transportation Technology," 11 Santa Clara Computer and High Technology Law Journal (1995), 151.
18 California Vehicle Code §9951.
19 47 USC §222.
20 18 USC § 2522 and 47 USC §§229, 1001-1010.