Sen. Al Franken (D-Minn.) led a Senate Judiciary Committee on Tuesday that included comment on privacy in technology from a number of government regulatory and legal agencies, as well as representatives from Apple and Google. While it would be difficult to say that any hard conclusions were reached, the complexity of the issue before lawmakers and technology providers was evident.
Franken convened the committee in response to recent findings that showed Apple’s iPhone was collecting and storing users’ detailed location data. A broad range of inquiry was undertaken during the proceedings, including everything from how smartphones collect data to a solicitation for suggestions on how better to protect consumers and their data.
“The answer is not the end of all location-based services,” Franken stressed.
Franken thanked Apple and Google for agreeing to testify at the hearings and praised the companies as “brilliant.” He said the hearings were aimed at “addressing a fundamental shift in… who has our information and what they’re doing with it.”
Sen. Patrick Leahy (D-Vermont), author of the Electronic Communications Privacy Act (ECPA), was on hand. He said that in light of the swiftly changing nature of technology, ECPA would have to be revised and hoped the hearings would offer guidance as to how to best “fill gaps” that had formed in the legislation.
There was no shortage of ideas and advice, although some of it came across a bit confusing.
Franken tried to clarify some inconsistencies evident in how Apple responded to the most recent revelations regarding its use of users’ location information. While CEO Steve Jobs denied Apple collects location information at all, the company later agreed that it did, attributing the collection to a software bug, which it has since addressed in a firmware update to iOS.
Guy L. “Bud” Tribble, vice president of software technology for Apple, tried to make the distinction between collecting the location of available cell towers and Wi-Fi hotspots to the phone, as a way of triangulating location, versus downloading exact coordinates via GPS.
“Apple responds to all concerns about privacy that may arise,” Tribble said. “Apple was never tracking individual’s location. The location data gathered was not the location of the iPhone, but about the hotspots and cell towers nearby,” he insisted, adding that the phone is then able to figure out where it is using that information.
Tribble went on to say that Apple discovered a bug while investigating the matter that allowed the data to be updated even when the location master switch was off. He said that this problem has been addressed in the most recent iPhone firmware update and that in the next update, the location cache will be encrypted.
Google didn’t get off easy today. Sen. Richard Blumenthal (D-Conn.) zeroed in on the recent Spy-Fi controversy surrounding Google’s collection of users’ personal information while recording photographs for its Street View product. Trust, Blumenthal said, is at the root of consumers’ providing information to companies via their smartphones.
Blumenthal made the case that Google has completely denied having knowingly collected data while taking pictures for its Street View product, asking Alan Davidson, director of public policy, Americas for Google, to recognize a patent that had been placed into evidence. The patent was for the collection of personal information in a strikingly similar matter to that in which the data in Spy-Fi was collected.
Davidson reiterated Google’s position on the matter. “It was not the company’s policy or intent to collect that information. People at the company were surprised and embarrassed to find out we had collected that information,” he said.
Perhaps the overriding theme of the day was the idea of “Privacy by Design,” a term that the public could be hearing a lot more. Essentially lawmakers hope to draft rules, guidelines and ultimately legislation that pushes technology companies to think about privacy from the very beginning of their designs. They would be asked to use only the information that is critical to providing their services, to share it with only those to whom the consumer has consented and to keep it only as long as absolutely necessary.
Justin Brookman, director for the project on consumer privacy at the Center for Democracy and Technology, commented that much of the information that was compromised in Sony’s latest breach was old information, credit card numbers and other personal information that was no longer being used.
Ashkan Soltani, independent researcher and consultant and contributor to the Wall Street Journal’s “What They Know” series, said that perhaps the biggest threat to privacy is the consumer’s own ignorance of how their information is gathered and kept. “The biggest threat today is that consumers are repeatedly surprised. Platforms aren’t taking sufficient steps to make this clear to consumers,” he said.