Testifying before a congressional hearing in late February, Mike Altschul with the Wireless Association was blunt: Federal mobile phone privacy policy is undefined and the privacy guidelines for location-based services written in 2008 are obsolete.
The hearing on consumer privacy was the fifth in a series that seeks to evaluate and eventually legislate location-based privacy issues. It comes none too soon. The recent flood of location based apps and services has significantly shifted liabilities from mobile carriers to app developers and end-users. As Congressman and hearing chair Bobby Rush of Illinois said, Yesterday there was Facebook, and in the not-too-distant future we will be encountering something more akin to a “Placebook.”
While the Wireless Association works on its 2010 guidelines, and while Congress deliberates, what’s going on with all our geolocation privacy rights? Do we have a right to control what location-based advertisers do with our info once they have it? Do we have a right to ensure that law enforcement and government agencies don’t abuse our easily obtained mobile data streams? Are our children safe? What does social science research say about all these changes?
These are the many questions that this congressional hearing sought to address. Here’s a breakdown:
What does the privacy research tell us?
Lorrie Cranor, direct of CyLab Usable Privacy and Security Laboratory at Carnegie Melon University testified about her research into how end user’s react to the implication of privacy loss due to location-based technologies. She also reported on her survey of the most popular applications and systems.
“In August 2009 we evaluated 89 location sharing applications and systems to determine the types of privacy protections each offered,” she said. “Overall, we found that most of these applications provided fairly limited privacy controls and about a third of them did not provide readily accessible privacy policies on their websites. We reviewed the websites for these applications again in February 2010 and found similar results for the 84 services still in existence at that time.”
Who will have access to our information?
Last Tuesday we reported in our Ads with Eyes post about a report by the Center for Democracy and Technology on advertising abuses that mobile end-users may face. The center is also concerned about abuses of law enforcement and government agencies related to their use of location-based information.
At last week’s hearing John B. Morris, general counsel for the center presented the case for why the Electronic Communications Privacy Act should be updated to protect location information from inappropriate disclosure to government. He highlighted how recent court proceedings and local government surveillance protocols are creating contradictory rulings, unclear jurisdictions and generally snowballing into a fundamental lack of privacy protection for U.S. citizens.
What’s the latest wording of potential new laws and guidelines?
The preliminary language of almost all future U.S. laws begin in hearings such as these. In his testimony, Tony Bernard, VP of Useful Networks, sought to outline some of the most essential elements of this new language.
“In order to derive an end user’s location from any source, the end user must be presented with notice of how, when and by whom location will be used,” he said. Additionally, said Altschul, senior VP and general counsel for the Wireless Association, “Notice must be provided in plain, easily understood language. It must not be misleading, and if combined with other terms or conditions, the portion pertaining to the location-based service must be conspicuous.”
How will kids and young adults be affected?
Anne Collier, Co-Director, ConnectSafely.org testified that new technologies are not as much of a threat to children as we may believe, and the real issue is the quality of parenting and supervision that kids are getting. As far as kids’ potential for future use of location based services, she presented startling data.
“U.S. teens now send or receive an average of 3,146 text messages a month and 9- to 12-year-olds 1,146, according to the latest figures from Nielsen,” she said. “For them, a text isn’t like a phone call, it’s part of a conversation as well as of the ongoing flow (or seemingly 24/7 drama) of school life. But texting is only one of young people’s social tools. There is as yet no data on teens’ mobile social mapping or LBS use, but we know that more than 65 million, or about a third, of Facebook users of all ages currently access the social site through their mobile devices.”
What comes next? At the end of the hearing, Rush said, “In closing, let me state clearly, for the record, and especially for those interested consumer groups, industries, and government regulators who have been monitoring our series of hearings that, with the information we’ll obtain from today’s hearing, we have now learned enough to take the next major step.”
What should that next step be? Are you ready for more clearly defined location-based privacy protections? How can companies who are currently building applications and services keep themselves out of the courts? Do we really need more regulation to resolve this? What do you think?
Hands photo by Monika Leon. D.C. photo by Barb Ballard.