WASHINGTON — In April, researchers released a study that accused Apple of logging iPhone and iPad users’ locations in unencrypted files on the devices without telling its customers. At the time, Sen. Al Franken and his staff were prepping for the first hearing of a new Judiciary subcommittee he was chairing, and the timing of the researchers’ study couldn’t have been more perfect.

Days later, Franken announced the first-ever hearing of the Subcommittee on Technology, Privacy and the Law, entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.”

It was a coincidence befitting the new committee Franken has chaired this year and the issue he’s embraced this session — helping the government protect individuals’ private information during a time of explosive technological growth.

“Our technology has been just evolving at such a rapid pace and the law hasn’t been keeping up with it,” he said. “The groundwork I’d like to lay is that Congress is starting to keep pace with technology and how it impacts people’s privacy.”

Franken’s latest target is software developer Carrier IQ, which is alleged to have improperly stored and disseminated smartphone users’ private information — everything from their locations to text messages and Internet browser URLs.

Franken wrote the company’s leadership two weeks ago asking for more information on their operating procedures, and asked six major communications companies how they use the data they receive from cell phone software. Responses are due to Franken this week.

Franken has sponsored one major bill, held two subcommittee hearings and written a handful of letters related to data privacy this session. His subcommittee has investigated location services offered on mobile phones and how to best store digital medical records. He’s challenged companies from OnStar to Apple to improve their digital privacy services and he said his next foray could be into the realm of facial recognition.

It’s a huge topic to tackle, but one that data privacy advocates say is long overdue for Congress.

“We’d like to see more pressure on the industry to do the right thing,” said Justin Brookman, the director of the Center on Democracy and Technology’s Project on Consumer Privacy.

Privacy advocacy
As technology becomes more advanced and users cede more personal data to the companies, willingly or not, the question of what users should reasonably expect to remain private has become especially pertinent.

Franken has taken up the task of trying to find a balance between allowing the use of information people create and preserving a certain level of privacy for users. He said he’s been influenced by Goodwin Lu, President Obama’s judicial nominee blocked by the Senate, who champions the legal theory of a “living Constitution:” the interpretation of laws should be allowed to change depending on the circumstances of contemporary society.

“The Founding Fathers didn’t know there would be phones,” Franken said. “When they wrote the Fourth Amendment, they didn’t know whether a phone tap would be an illegal search and seizure. So the court ultimately had to decide whether it was and whether the government had to get a subpoena to do a phone tap.”

But it’s not only the government that should have limits on what data it can use, but private enterprise, Franken said. His main piece of data privacy legislation, the Location Privacy Protection Act, would require companies that track users’ locations to first receive permission to do so. It also bans the sale of so-called “stalker apps,” which provide customers with information about another person’s whereabouts or what they’re doing on a mobile device.

Beyond legislation, Franken has also pressured technology companies to improve privacy measures on their own. This session he’s written letters to tech giants like Apple and Facebook insisting they limit the amount of private information they cull without users’ consent. In one case, he and Delaware Sen. Chris Coons wrote OnStar asking the navigation and roadside assistance company to back off its plans to log the locations of current and former subscribers and sell the data to third parties. The company later dropped the plan.

“Technology is one of the places where the law does have to keep up because technology changes and it changes of the context of things,” Franken said. “What do we, as a people, agree that we have rights to protect? What have we become accustomed to having protected?”

Finding a balance
Companies who glean the information Franken is trying to protect do use it for plenty of legitimate purposes. Google tailors users’ search results based on what they’ve searched for in the past; Amazon can scan your purchases and recommend other products based on what others have purchased, and so on.

Disrupting this flow of information has the potential to derail what makes the digital economy run, Emory University economics professor Paul Rubin said. If companies can’t utilize user information to improve its offerings, it could hurt consumers as well.

“It’s hard to come up with anecdotes about people being harmed by legally using information,” Rubin said.

The industry is hesitant to change it data collection habits, data privacy researcher Ashkan Soltani said. The widespread use of data might lead some customers to shy away from an opt-in plan like Franken’s. Since customers are unaccustomed to just how much information companies track (and, by extension, what that information is used for), an opt-in agreement might highlight companies’ activities which can often be seen as “creepy” and scare them off, he said.

“Companies are realizing that data has quite a lot of value,” Soltani said.

But the very fact that lawmakers are putting an emphasis on data security has already forced companies to change their habits, Soltani said. When a company mishandles personal information, like Carrier IQ, they’re going to receive the public shame that comes with a congressional inquiry into their habits. The Carrier IQ scandal wouldn’t have had nearly has much punch even a few years ago, he said.

For Franken, the goal is to find a path that is agreeable for both business and consumers.

“I think its probably pretty commonsensical,” he said. “I don’t know what percentage of people care or don’t care [about their private information], but they should know what they’re getting into. And I think the business model survives.”

Devin Henry can be reached at dhenry@minnpost.com. Follow him on Twitter: @dhenry