ArcNews Online

Fall 2008

Implementing Geographic Information Technologies Ethically

By Harlan J. Onsrud

As the globalization of geospatial information resources and services accelerates, it becomes far more challenging to protect personal information privacy; pursue traditional business or agency revenue generation models; protect property rights in spatial data products and services; ensure access to government data, records, and services; and provide security for our information systems. The traditional means of exerting control are often ill-suited to dealing with rapidly morphing technological and social conditions.

In this article, I explore some of the alternatives for envisioning relations among parties. In selecting possible control mechanisms, I argue that morally defensible geospatial technology designs and information system implementations are far more likely to survive and thrive in the long term, both within the marketplace and within and across democratic societies, than those that use other controls as their only touchstones in guiding relations. Several examples are cited. I argue further that the social and economic ramifications of technology developments and implementations need to be reflected upon up front in order to drive designs and implementations toward results that support laudable moral values, not as an afterthought by business managers, agency personnel, or code writers. After millions of lines of code have been written or substantial money has been spent on a system build, it is often too late or extremely burdensome to adjust. Consumers and citizens don't need to be sold on morally defensible designs and implementations. We all want them. Striving hard to understand and serve what consumers and citizens actually want will result in the highest payoff for businesses, government agencies, and society in general.

Societal Controls

When problems arise in our rapidly changing technological world, we tend to look to the law for solutions because its traditional functions have included settling disputes, maintaining order, providing a framework within which the common expectations of daily life can be met (buying groceries, driving, or using banking services), securing efficiency and balance in the functioning of government, protecting each of us from excessive or unfair government and private power, and ensuring that all members of society have an opportunity to enjoy the minimum decencies of life. The roles of the law are myriad, and we naturally look to the legal system for guidance. Yet, resorting to the law is not the first or best mechanism for defining our relationships with others.

The preferred priority of societal controls has often been listed in the legal literature as the marketplace, private arrangements, then the law. In this priority listing, price is viewed as a much better regulator of quality than laws, and support of the free will of parties, such as through agreements, is far more beneficial than having the law define what their relationships should be. In the context of the marketplace and private arrangements, the law serves a primarily supporting role in ensuring open competition and the enforcement of valid contracts. Looking to the law to define personal or resolve disputed relationships should be seen as a last resort.

For resources, such as geospatial products, that can be conveyed through cyberspace, the inherent characteristics of data and information make enforcement of controls particularly problematic. The theory is that the "invisible hand" of everybody pursuing individual economic interests drives greater efficiency and lower prices throughout the market. However, for this invisible hand to function effectively, goods in the market should have the characteristics of being rivalrous (e.g., my consumption of an apple adversely affects your consumption of the same good) and excludable (e.g., I need to be able to bar your use of the good for free), and the market must be transparent.

Illustration by Steve Pablo, Esri

There are at least three major reasons provided in the literature as to why markets fail: public goods, externalities, and economies of scale.

The first of these failure concepts is perhaps the most critical for participants in geospatial product exchanges to understand. Public goods are not something defined as being supplied by the public but rather are goods that are nonrivalrous and nonexcludable. Information products and services are strongly nonrivalrous in that they may be consumed but not depleted. After digital geographic data, information, or products are given away or sold, the owner still possesses them. It is also very difficult to exclude "free riders" from gaining access to digital products once they have been distributed. As such, many of our geographic information products contain the opposite characteristics of those suited to an ideal Adam Smith market.

There is not much we in the geospatial industry can do about the nonrivalrous nature of our information goods. To date, the information industry in general has used two major mechanisms in attempts to convert inherently nonexcludable information goods to excludable goods.

The first is by action of law. In most nations, copyright and other intellectual property laws have been legislated that provide sanctions should copyrighted works be copied without permission. As we know from the widespread free rider sharing of music and movie files across the Web, enforcement through the laws of the world's nations has not been very effective to date in converting such nonexcludable goods to excludable goods across the globe.

The second approach is to use technology to prevent unauthorized persons from using one's information products, such as through digital rights management tools. To date, however, those using such systems have often lost in global market competition when competing with products that have taken an open approach to intellectual property protection and have allowed users to play and experiment with information products before buying them, when competing with products that are given away for free in order to build a market for related services, or when competitors are using an alternative economic model than one relying on intellectual property rights to create excludability.

A more useful framework for exploring controls that are and may be imposed among parties in both real space and cyberspace is the framework of law, norms, market, and architecture (Lessig—Code and Other Laws of Cyberspace). As we all know, laws are rules imposed by government, and sanctions are typically imposed after a breach occurs. Norms are standards of behavior, often within a specific community, and enforcement comes not from force of law but through violators being branded as antisocial or abnormal and stigmatized by the community. The market regulates through price and does so up front rather than after the fact. Finally, architecture constrains our behavior physically (e.g., I can't take your apples if they are locked in a room). Enforcement through architecture is immediate and does not require an intermediary, such as arrest of a lawbreaker or chastisement of a community member. The architecture of cyberspace is embedded in software code (i.e., I can't gain access unless I provide a user name and password).

Lessig argues that all four categories of constraints are in continuous operation whether in physical space or cyberspace. They influence each other, and all should be explored in the context of their combined effects when looking for solutions in promoting good behavior and constraining bad behavior in cyberspace. When considering specific behaviors, one or more constraints may have far greater utility than the others. By example, architecture (the code of spam filters) has been far more effective to date than law in dealing with spam.

While the above frameworks for exploring controls over activities in digital space are all useful, the critique has been made, with which I agree, that the ultimate regulator in setting the boundaries for activities and policies in cyberspace should be morality (Spinello—Cyberethics: Morality and Law in Cyberspace).

Spinello supports this position with the primary arguments that ethical values are more objective and universal, have greater enduring value, and therefore should be the basis for guiding and directing the ways in which computer code, laws, the market, social norms, and any other controls are used to shape behavior.

I suggest further pragmatic reasons for supporting moral values as the primary guide on which we should focus: ethical analysis processes are far more useful for geospatial specialists and organizations in guiding design and implementation actions. The guidance that ethical analysis provides is far more likely to result in higher economic and social benefits in the long run than that provided by merely staying on the right side of current law.


Many of our geospatial products and services are now offered or accessible globally. The actions or approaches we take in one local community or nation to protect personal information privacy; pursue business or agency revenue generation models; protect property rights in spatial data products and services; ensure access to government data, records, and services; and provide security for our information systems can be significantly weakened or strengthened by the laws, information infrastructure, market products, and social norms supported elsewhere. A new geographic data product using a completely different model for generating revenues (e.g., Google Earth) may destroy many assumptions a company or agency might have about selling data products or services to users in its own community or jurisdiction. A digital product, such as software or a database a company may have spent millions to produce, may be stolen and distributed at the speed of light to people in other jurisdictions with little practical hope of recovering actual damages.

Law Versus Ethics

One problem with using the law in guiding our geospatial tool design and information system implementation decisions is this complexity caused by globalization. For example, the legal ownership status of scientific and technical information, including geographic data, is highly uncertain across the globe. Further, substantial differences in the law exist among jurisdictions. The typical geographic data user cannot know whether data found posted openly on the Web, extracted from a table in a print article, or automatically extracted from a networked database and included as a portion of the visual results from an online Web map service is protected by copyright or some other legal right. Even in science, the tradition of reproducing the data of others in one's work, then citing the source is no longer sufficient. Although many in society tend to ignore legal rules when they fail to meet our day-to-day expectations or they appear patently unjust as applied to our circumstances, the law in many jurisdictions now assumes that if the compiled digital data of others is used without their permission, it's done at the user's own legal peril. Just as one may not assume that any music file found openly available on the Web is free to copy legally without permission, the same holds true for most of our geographic digital products.

click to enlarge
Illustration by Kyle Heinemann, Esri

In addition to its complexity, another problem with using law as a primary guide for our geospatial design and implementation decisions is that laws are passed on a majority-rules basis (or representative majority-rules basis), at least in democratic societies. Even in democratic societies, the concerns of minorities or disenfranchised parties may not be adequately protected if we seek to meet only the letter of the law in our designs and implementations.

A third problem with using the law as a primary guide is that legal rules tend to establish minimum standards of conduct and are applied on a basis where one rule applies to all. Minimally legal conduct often falls far short of morally defensible conduct. Examples abound of database implementations and software designs meeting the minimum legal standards for protecting the intellectual property or privacy rights of users but where the use of such data was found by most of the data subjects to be highly objectionable, even though technically legal.

In contrast, core ethical values are much more universal. The core values themselves tend not to change over time or with location. They are grounded in our common human nature across societies. Ethical values also supply us with laudable as opposed to minimum goals for the societal effects of our software designs and system implementations. Further, morally defensible designs and implementations tend to embed adaptability to individual human conditions and preferences. Thus, one-size-fits-all is not forced on users on a take-it-or-leave-it basis.

Simply following the law also typically provides little or no guidance in resolving a true ethical dilemma. Resolving a right-versus-wrong conflict does not create an ethical dilemma. We know what to do. Our duty is to choose the right action. An ethical dilemma occurs when one contemplated action is arguably right but will cause harm to others while the competing, alternative contemplated action or actions, including the alternative of doing nothing, are similarly right and proper but will also cause harm to others. Thus, we truly are conflicted about the right action to take.

Core Ethical Values

The science of ethics helps us sort out which moral arguments have greater validity. The two primary traditions in philosophy are deontological (concerning duty and obligations) and teleological (concerning ends) theories. As a gross simplification, under deontological theories, intent is everything. As long as you intended to do good or at least not do bad, your action is morally defensible. Under teleological theories, intent or motive doesn't really matter as long as the final result is good. Thus, although the marketplace might be vile, greedy, and focused on maximizing self-interest, if everyone in society benefits by having a free and open marketplace, perhaps the open marketplace has greater moral strength than alternative economic systems. Over time, we have seen thousands of scholarly articles subcategorizing and attempting to reconcile these ethics traditions. Thus far, no single universal theory has emerged to provide us with a single clear-cut guide for our actions, yet the primary lines of ethical thought have many areas of agreement.

In assessing the moral validity of a contemplated action, such as a system design or implementation approach, we could indeed assess the action in the light of the traditional lines of philosophical reasoning. However, a more straightforward and contemporary solution is to focus on intermediary principles comporting with the primary ethical theories. While several theoretical frameworks might be used, I'll choose to illustrate some later examples using the concept of principlism as advocated by Beauchamp and Childress (Beauchamp and Childress—Principles of Biomedical Ethics).

Under this approach, certain prima facie duties are always in effect. They include autonomy of the person, nonmaleficence, beneficence, and justice. When assessing a planned action, all these duties always apply.

Briefly, autonomy is the duty to support self-determination in defining, planning, and pursuing a good life; nonmaleficence is the duty to avoid harm to others; beneficence is the duty to advance the welfare of others when able to do so; and justice is the duty to treat all fairly and impartially. When the duties are in conflict or one duty cannot be achieved, it needs to be asked whether there are alternative actions that might satisfy them all. If not, one needs to analyze the alternative design or implementation actions to determine which alternative might best achieve the duty viewed as being most critical to honor in the specific instance and minimize the harmful effects of not fully supporting one or more other duties.

For the long-term efficacy of software designs and system implementations involving the general public or consumers, moral issue consciousness and knowledge of ethical analysis processes for assessing contemplated actions by business managers, agency personnel, and code writers are extremely important.

There are several guidelines offered by practical ethicists. Most of the good guidelines automatically incorporate consideration of controlling laws and relevant disciplinary codes of conduct. In a straightforward case, resorting to law or codes of conduct may provide an answer that the designer or implementer can live with and perhaps one need go no further. In the tough cases, however, a systematic and rational procedure for thoroughly evaluating the situation is recommended. One that I use with both practicing professionals and students is the process and list of checkpoints advocated by Rushworth Kidder (Rushworth Kidder—How Good People Make Tough Choices: Resolving the Dilemmas of Ethical Living). The length of this article precludes stepping through a thorough assessment of a typical geospatial ethical dilemma. Rather, we jump to some examples to illustrate how moral values may have greater efficacy than law and other controls in guiding us toward rational solutions.

The Example of Intellectual Property

The music industry initially used the law as its primary guide and control mechanism in regulating the behavior of music file sharers. It pursued a closed approach to intellectual property protection in that only those purchasing full albums as defined and packaged by the traditional record companies or those subscribing to specific music services would have a legal right to possess or listen at will to the offerings of their artists.

Digital rights management systems were invoked to impose up-front control by locking out those who had not first paid an entry fee. These models would be strictly enforced through the application of law. However, this industry-wide model was viewed as unjust and illogical by large numbers of both consumers and artists in the light of current and emerging technologies. Was this position of the recording industry morally defensible? What alternatives might better support autonomy of the person, nonmaleficence, beneficence, and justice?

The current model of iTunes and similar download services is one that appears to be far more morally defensible in meeting societal needs. Focusing on the moral values of justice and fairness, the current implementation of iTunes Plus comports much more with the long-established legal bargain made between copyright holders and society in that, once a copy of a work has been purchased, "fair use" of the work without further payment is supported uninhibited by digital rights management constraints. This includes the right of the purchaser of a copy to transfer that copy to a reasonable number of other mediums for personal use.

The copyright holder (e.g., artist, recording company) is protected by using technology not to lock out access but by using technology to make purchasers accountable. It does so by attaching personally identifiable information to purchased files so that those who blatantly abuse the law by distributing their purchased copy to millions of others can be identified. ITunes and similar music sites support autonomy of the individual and beneficence by allowing artists to publicly publish their works in the manner in which they desire without controls imposed and fees extracted by intermediaries. Further, consumers have the ability to purchase individual tracks as opposed to collections packaged as albums. In terms of nonmaleficence, the harms of the economic, technological, and legal model pursued appear to be imposed primarily on competitors, and such harms, assuming a competitive marketplace, are typically viewed as a societal benefit by bringing down costs to make goods available to larger segments of society.

While Steve Jobs and other executives at Apple probably were not thinking explicitly of moral values in developing a workable solution for delivering music to consumers, their results remain an example where following a morally defensible path, as opposed to a legal rights advocacy path, has achieved far greater positive relations with consumers and profits for businesses. How might suppliers of geographic data and services similarly supply location-based data and services using approaches that are morally defensible while better achieving business and government objectives?

Ethics-Driven Implementations of Geographic Information Systems and Spatial Data Infrastructure: An Illustrative Intellectual Property Challenge

For at least the past quarter century, the debate has continued as to whether, under what circumstances, and to what extent property restrictions should be imposed on citizens and businesses in the use of geographic data that was gathered by domestic government agencies to meet government mandates and funded through general tax revenues. Similar debates surround the issue of whether data gathered for science through taxpayer-funded research grants should be made available to other scientists, businesses, and government agencies with no intellectual property restrictions imposed on the data. Much experience in pursuing various approaches exists.

I encourage students to explore the various approaches that have been used for the distribution of scientific and technical data, then have them articulate the moral values supported or not supported by these various approaches. We then search for market, legal, architecture (computer code), and social norm solutions that might better meet each and all of the moral values while still meeting pragmatic business and government objectives.

Development of one such solution was initiated (but not completed) in a research project entitled the Commons of Geographic Data ( This particular system was envisioned as supporting volunteer contributions from any sector. The moral value and pragmatic assessment process concluded that the contribution of geographic data by geospatial specialists and nonspecialists throughout the scientific, government, and commercial sectors, as well as by the general public, often highly benefits all contributors and users. Not all actors in all sectors will contribute, but many will. We believe that more in these communities would be willing to share their geographic data files if an architecture provided a simple mechanism for doing so, creators could reliably retain credit and recognition for their contributions, liability exposure would be minimized, and contributors would obtain substantial benefits (e.g., increased recognition, long-term archiving of their data, peer evaluation, and credibility).

To meet these operational requirements, the architecture proposed would provide

  • Open Access License Generation—With a few clicks, in less than a minute, users could create ironclad open access license conditions for any of their contributed datasets and bind that licensing information to the data.
  • Automated Metadata Generation—With a few clicks and typed responses, in less than 10 minutes, users who are not GIScience professionals would use a simple mechanism for creating standards-based metadata.
  • File Provenance Tracking—The system would automatically convert any contributed file to several standard interchange formats and track reuse of each of these files through generations of digital copying, aggregation, and partial extraction, ensuring that the parent lineage is always traceable.
  • Peer Review Recommender Systems—The system would enable users to not only access data through standard search mechanisms but also evaluate data for its suitability to meet their needs, as well as provide feedback to contributors.
  • Long-Term Archiving—Files would be archived and backed up at interconnected, long-term, institutionally supported facilities (e.g., libraries and research centers) that would not depend on the contributor's continual maintenance.

Notice that the architecture proposed for the geospatial community has several parallels with the iTunes architecture discussed above and is morally defensible using some of the same arguments. It uses an open approach to intellectual property management by allowing the tracing of major abusers of license conditions but not hiding the geographic data. Because of the public goods aspects of the proposed architecture, unlike iTunes, the architecture is unlikely to be provided through the competitive marketplace. Public or philanthropic funding would likely be required to resolve the research challenges and then develop and support such an architecture.

Several economic studies have confirmed that less restrictive intellectual property regimes often have far greater benefits for democratic societies and the world in general than more restrictive systems (e.g., Maurer—Across Two Worlds: Database Protection in the US and Europe) or approaches in which government competes with private companies (e.g., Weiss—Borders in Cyberspace: Conflicting Government Information Policies and Their Economic Impacts). Hence, the architecture suggested above incorporates open access licensing. However, a similar architecture supporting a morally defensible commercial license environment for geographic data and services is also certainly possible (National Research Council—Licensing Geographic Data and Services). Notice that it is possible to develop these morally defensible solutions entirely through architecture without the need to change any national laws or impose any other new controls.

Ethics-Driven Design of Geospatial Technology Development: An Illustrative Location Privacy Challenge

The mobile technology industry, as well as the location privacy literature, assumes a future in which government and corporate interests will have access and control over detailed information on the location and movement of objects and physical assets identified with individuals. Individuals will be granted, through legislation, a one-size-fits-all level of personal information privacy protection regardless of individual preferences and the changing nature of those preferences as technology and society change. While recognizing the importance of baseline personal information privacy that should be provided to all individuals through operation of the legal system, what if, instead, the global mobile tracking industry was built on the assumption that universal core moral values would be supported to the greatest extent possible? How instead would the technology evolve, and what explicit capabilities might the technology provide?

In assessing pervasive tracking systems that would support core moral values, imagine development of a handheld universal personal communicator. This device serves as a voice phone; receives and sends text messages, still images, and video; responds to voice commands and can respond back by voice; allows users to make purchases on the fly; tracks their location and provides directions or business information when asked; notifies them when they are near something they desire to buy or someone they wish to meet; tracks and warns of traffic problems and congestion; allows them to locate and track multiple friends on the fly; and performs other similar location and communication functions. This device is no longer difficult to imagine in economically developed nations. The corporate sector currently assumes ownership of the records of the time, location, transactions, and use of such systems, constrained only by one-size-fits-all legislative provisions and cumbersome opt-out possibilities.

A challenge I have frequently presented to engineering students is to conceptually design a prototype user interface that demonstrates how individuals might be allowed greater autonomy in deciding how, when, and at what detail their locations and movements may be tracked and retained by others. The design should increase beneficial uses of this type of technology, promote growth of the industry, and promote public security while granting individuals much greater flexibility and ease in protecting their personal information privacy.

One suggested approach resulted in recommending an integrated technological and legal solution that focused on an efficient interface for changing user privacy preferences on the fly with selections enforced through a dynamic contract (Anuket Bhaduri—User Controlled Privacy Protection in Location-Based Services, Master's Thesis, University of Maine, 2003). The suggested interface allowed users to be notified of the location and personal information exposure needed to take advantage of wireless services and allowed the user to set preferences, such as controlling who might contact the device user and by what methods (e.g., voice, text, video), the precision of the position and the time of the location of the user that might be exposed to businesses and to various user-defined categories of acquaintances, and the detail of data and time limits for storage of data by the service provider. All these decisions would be under the control and at the option of each user rather than under the control of the service provider. This work demonstrated that a practical design alternative does exist that would support autonomy of the individual by giving consumers the power to readily control their own information exposure. This particular research did not pursue in depth the issue of providing incentives or benefits for industry if companies redirected their approaches in this direction.

Another approach addressed the protection of personal information privacy in pervasive radio-frequency identification (RFID) tag environments (Eva Hedefine—Personal Privacy Protection within Ubiquitous RFID Environments, Master's Thesis, University of Maine, 2006). The assumption in this work is that we are rapidly entering a world where RFID readers will be as pervasive as security cameras, and each of us is likely to be carrying numerous publicly readable passive tags on our clothes and in our wallets as we travel in order to gain the numerous business and social advantages that these tags will provide. Once again, the recommended solution involved an integrated technological and legal solution as the best means of imposing controls to ensure a morally defensible publicly deployed system. In this instance, however, the recommendation is that legislation should be passed to drive technology to achieve the desired results of protecting personal information privacy while simultaneously allowing appropriate surveillance for security purposes. The legislation recommended takes the constitutionally defensible approach of a "do-not-link-to-identity" centralized list with wireless technologies developed to allow users to override their identity protection on the fly in instances where they want to gain a service that requires identity verification. The code controls would be imposed primarily within the RFID networked communication architecture rather than in the handheld devices or active sensors carried by consumers. One conclusion of this research was that the public goods aspect of generally deployed privacy protection for the public would prevent an appropriate market solution. To achieve a morally defensible solution would require an appropriate legislative mandate from the government to drive the development of infrastructure technologies in the appropriate direction.

The point of the preceding examples is to illustrate that the technological solutions advocated are ethically, legally, and marketplace situated.


All of our individual information resources ultimately will be part of a globally connected communication and interchange network. It makes sense in this evolving technological reality to think of ourselves as global citizens in addition to citizens of our local communities, nations, and professions and members of our business or government organizations. Implementers of geographic information systems, geospatial technology code writers, and builders of geographic databases and spatial data infrastructure need to be responsible, prudent, and comprehensive in incorporating basic moral values into the geospatial infrastructure we help create. Not only is this the right thing to do, but geospatial technology designs and information system implementations that are morally defensible are also far more likely to be mutually supported internationally by governments and to survive and thrive in the long term within the global marketplace.

About the Author

Harlan J. Onsrud is professor of spatial information science and engineering at the University of Maine. His research focuses on the analysis of legal, ethical, and institutional issues affecting the creation and use of digital databases and the assessment of the social impacts of spatial technologies. He is a licensed engineer, land surveyor and attorney and currently chairs the Socioeconomic Data and Applications Center (SEDAC)User Working Group, a Distributed Active Archive Center (DAAC) in the Earth Observing System Data and Information System (EOSDIS) located at the Center for International Earth Science Information Network (CIESIN), Columbia University. He is editor of Research and Theory in Advancing Spatial Data Infrastructure Concepts (Esri Press, June 2007).

More Information

For more information, contact Harlan J. Onsrud (e-mail:

See also GIS Best Practices: Essays on Geography and GIS

Contact Us | Privacy | Legal | Site Map