MinnPost photo by Jay Weiner
Sen. Al Franken
WASHINGTON — In April, researchers released a study that accused Apple of logging iPhone and iPad users’ locations in unencrypted files on the devices without telling its customers. At the time, Sen. Al Franken and his staff were prepping for the first hearing of a new Judiciary subcommittee he was chairing, and the timing of the researchers’ study couldn’t have been more perfect.
Days later, Franken announced the first-ever hearing of the Subcommittee on Technology, Privacy and the Law, entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.”
It was a coincidence befitting the new committee Franken has chaired this year and the issue he’s embraced this session — helping the government protect individuals’ private information during a time of explosive technological growth.
“Our technology has been just evolving at such a rapid pace and the law hasn’t been keeping up with it,” he said. “The groundwork I’d like to lay is that Congress is starting to keep pace with technology and how it impacts people’s privacy.”
Franken’s latest target is software developer Carrier IQ, which is alleged to have improperly stored and disseminated smartphone users’ private information — everything from their locations to text messages and Internet browser URLs.
Franken wrote the company’s leadership two weeks ago asking for more information on their operating procedures, and asked six major communications companies how they use the data they receive from cell phone software. Responses are due to Franken this week.
Franken has sponsored one major bill, held two subcommittee hearings and written a handful of letters related to data privacy this session. His subcommittee has investigated location services offered on mobile phones and how to best store digital medical records. He’s challenged companies from OnStar to Apple to improve their digital privacy services and he said his next foray could be into the realm of facial recognition.
It’s a huge topic to tackle, but one that data privacy advocates say is long overdue for Congress.
“We’d like to see more pressure on the industry to do the right thing,” said Justin Brookman, the director of the Center on Democracy and Technology’s Project on Consumer Privacy.
Privacy advocacy
As technology becomes more advanced and users cede more personal data to the companies, willingly or not, the question of what users should reasonably expect to remain private has become especially pertinent.
Franken has taken up the task of trying to find a balance between allowing the use of information people create and preserving a certain level of privacy for users. He said he’s been influenced by Goodwin Lu, President Obama’s judicial nominee blocked by the Senate, who champions the legal theory of a “living Constitution:” the interpretation of laws should be allowed to change depending on the circumstances of contemporary society.
“The Founding Fathers didn’t know there would be phones,” Franken said. “When they wrote the Fourth Amendment, they didn’t know whether a phone tap would be an illegal search and seizure. So the court ultimately had to decide whether it was and whether the government had to get a subpoena to do a phone tap.”
But it’s not only the government that should have limits on what data it can use, but private enterprise, Franken said. His main piece of data privacy legislation, the Location Privacy Protection Act, would require companies that track users’ locations to first receive permission to do so. It also bans the sale of so-called “stalker apps,” which provide customers with information about another person’s whereabouts or what they’re doing on a mobile device.
Beyond legislation, Franken has also pressured technology companies to improve privacy measures on their own. This session he’s written letters to tech giants like Apple and Facebook insisting they limit the amount of private information they cull without users’ consent. In one case, he and Delaware Sen. Chris Coons wrote OnStar asking the navigation and roadside assistance company to back off its plans to log the locations of current and former subscribers and sell the data to third parties. The company later dropped the plan.
“Technology is one of the places where the law does have to keep up because technology changes and it changes of the context of things,” Franken said. “What do we, as a people, agree that we have rights to protect? What have we become accustomed to having protected?”
Finding a balance
Companies who glean the information Franken is trying to protect do use it for plenty of legitimate purposes. Google tailors users’ search results based on what they’ve searched for in the past; Amazon can scan your purchases and recommend other products based on what others have purchased, and so on.
Disrupting this flow of information has the potential to derail what makes the digital economy run, Emory University economics professor Paul Rubin said. If companies can’t utilize user information to improve its offerings, it could hurt consumers as well.
“It’s hard to come up with anecdotes about people being harmed by legally using information,” Rubin said.
The industry is hesitant to change it data collection habits, data privacy researcher Ashkan Soltani said. The widespread use of data might lead some customers to shy away from an opt-in plan like Franken’s. Since customers are unaccustomed to just how much information companies track (and, by extension, what that information is used for), an opt-in agreement might highlight companies’ activities which can often be seen as “creepy” and scare them off, he said.
“Companies are realizing that data has quite a lot of value,” Soltani said.
But the very fact that lawmakers are putting an emphasis on data security has already forced companies to change their habits, Soltani said. When a company mishandles personal information, like Carrier IQ, they’re going to receive the public shame that comes with a congressional inquiry into their habits. The Carrier IQ scandal wouldn’t have had nearly has much punch even a few years ago, he said.
For Franken, the goal is to find a path that is agreeable for both business and consumers.
“I think its probably pretty commonsensical,” he said. “I don’t know what percentage of people care or don’t care [about their private information], but they should know what they’re getting into. And I think the business model survives.”
Devin Henry can be reached at dhenry@minnpost.com. Follow him on Twitter: @dhenry
Related
I don’t like companies keeping track of what I do or look at or buy online. Then I am targeted for specific items that I don’t want, my box is full of messages I don’t want, and I haven’t asked them to keep these records. It creeps me out.
I think Franken also needs to turn his attention to another issue of civil rights, and that is the part of the National Defense Authorization Act that allows the indefinite detention of Americans on American soil.
He voted for it before (so did Klobuchar). They need to correct themselves now.
Email and call both of them.
Here it comes.
“HI; I’m here from the government, and I’m here to help”..
🙁
Franken has the right idea, but the wrong target. We need someone out there providing data security against the government, not private industry.
If XYZ Motor Corp is spying on you using the GPS in your phone, the worst you might expect is spam e-mail reminding you to change your oil.
Big brother will send an armed associate for a face to face interview to find out why your tax forms don’t include the details of the trips you’ve been taking to the casino every weekend.
Republicans too, are concerned about privacy!
The Republican booth at the fair took a sloppy survey.
The results say 440 people marked that “privacy” checkbox first!
Means they should be happy that Net Neutrality is an issue championed by Senator Franken!
What makes you want to slice & dice privacy so cavalierly? Hmm.
You are worried ONLY about the government – but what kind of information did you have to provide in some of the business sites you’ve visited?
Who gets hacked most often:
The government, or the slapdash website your neighborhood business put up?
The recently hacked businesses which likely compromised your credit cards should answer that.
@#3
You think so, eh? What if “Big Brother” doesn’t bother to track your trips to the casino, but rather purchases that information from XYZ Motor Corp? Hey, fair’s fair in business, right?
Corporations are no more or less trustworthy than governments.
The Patriot Act is all we need to know about the loss of privacy and personal liberty.
The operative thesis here – that you still have some privacy left to protect – would be a laugh, if it weren’t so tragically pathetic.
Currently, electronic communications of any and all kinds and types are routinely collected, scanned, and stored. Just to be clear, this means ALL telephone conversations, ALL internet sessions, ALL Tweets, ALL Facebook activity, ALL emails, etc. etc.
By whom, exactly? And where are these people? How much does it cost? What good has come of the extinction of U.S. citizens’ privacy? How would you know if this information were being used in an unlawful manner?
Ask these questions of any U.S. Senator or Congressman. Even they, who voted this into law and just recently voted for it again, can’t give you an honest answer, because they don’t know. They’re not supposed to know. They’re only supposed to vote for it, for alleged national security reasons. And these days, when you allege national security is at issue, whether true or false, the brains of these elected ones turns to the consistency of oatmeal.
For a Senate which has authorized the extinction of privacy to NOW turn around and pretend to be acting in defense of privacy is a near-perfect expression of their duplicity.