WASHINGTON — A northern Minnesota woman seeking refuge from her abuser walked into a domestic violence shelter inside a county building in northern St. Louis County. Within five minutes, she got a text message from her abuser, asking why she was there.
Terrified, she filed for an order of protection against him, and with the help of a victim’s advocate went to a local courthouse to do it.
Just after she filed for protection, another text message arrived on her smart phone. Again from her abuser, this time asking her pointedly why she was in the courthouse and if she was filing an order of protection against him.
“The only device the woman had on her was her smart phone,” officials from the National Network to End Domestic Violence and Minnesota Coalition for Battered Women wrote to Sen. Al Franken. “They later concluded that her abuser was tracking her via a location tracking application or service on her phone.”
That was the first testimony Franken received after he called for a hearing on location tracking in smart phones, following the revelation that both Apple and Google-backed smart phones have stored location data in unencrypted formats.
And that’s the sort of horror story lawmakers say they want to prevent as they consider legislation specifically directed at location-specific data on smart phones.
On the other hand, whole industries that couldn’t have existed 10 years ago have sprung up thanks to smart phones being able to determine their own locations.
Walk down Nicollet Mall in Minneapolis and an app can tell you that the specific Target near you is having a sale, or get a coupon for half off an entrée at Brit’s Pub. Post your location on Foursquare, and perhaps you’d find out that a friend you haven’t seen in months is just down the way at the Dakota Jazz Club.
If you run into trouble and call 911, your phone knows roughly where you are and can direct emergency responders directly to you. And if you’re lost, Google Maps and other similar GPS-based software can not only tell you where you are, but give you directions to where you’re going.
“The whole thing for me is about striking the right balance,” said Franken, hours after wrapping up a hearing on privacy and mobile technology.
“I think everyone kind of agreed that there are problems,that the balance is out of whack, and we need to do something to adjust the balance — the question is what does that entail?”
Aiming for balance
Franken’s hearing was called after it was discovered that location data tracked by phones was being stored in unencrypted formats. As such, it was relatively easily accessible to anyone who cared to try and get it, which can be both a good and very bad thing. Those problems have now been or are being corrected, industry representatives said.
“Misuse of that kind of data can have real consequences for consumers,” said Jessica Rich, deputy director of the Bureau of Consumer Protection at the Federal Trade Commission.
“If it falls into the wrong hands it can be used for stalking. Often talk about teen and children info. It’s collected over time — you can also tell what church they’ve gone to, what political meetings they’ve gone to, when and how they walk to school.”
But on the other hand, lawmakers seemed fully agreed that any legislation not overreach and stifle a growing industry that provides many benefits to its users, and relies on that location-based data.
So the question then: What legislation can walk down that middle road?
Sen. Patrick Leahy, a Vermont Democrat who chairs the Judiciary Committee, said Tuesday he’s compiling legislation to update digital privacy laws so that they better cover mobile devices. The shape of that legislation is unknown right now
Among the recommendations the Department of Justice said they’d like to see in there: Rules that make it easier for law enforcement to access data that is otherwise made available to third parties, requiring immediate reporting of data breaches; and changing a law that limits some cybercrimes to cases where victims and perpetrators are in different states.
Sen. Tom Coburn, an Oklahoma Republican, said his main concerns are that privacy disclaimers and terms of service are written in “plain English,” rather than “lawyerese.”
Possible legislation from Franken
Franken said he may introduce legislation of his own on mobile privacy.
Among the changes he’s considering: requiring companies who collect users’ personal data to store it securely and make a “good faith” effort to ensure it can’t be hacked.
“Then there might be some kind of law on telling people that you’re going to share something with third parties — if you’re going to share with third parties,” Franken said.
And finally, Franken said he’d like to see Apple, Google and other app store hosting firms require every app developer to have privacy policies of their own for their products. Executives from both Apple and Google told Franken they’d consider implementing those changes on their own.