Thoughts on the Senate Mobile Privacy Hearing

Senator Al Franken invited Apple, Google, some government officials and a few other key people related to the mobile phone industry to the US Senate in order to get to the bottom of the phone location tracking debate. I watched the 2 1/2 hour long hearing via the live-blog Nilay Patel did for the US Senate mobile privacy hearing. Here’s a brief summary and my initial reactions.

Summary of Events Leading to the Senate Hearing

Franken expressed concern a few weeks ago when it came to light that Apple had been keeping an unencrypted database of location information on iOS devices. This database resided on the phone as well as any computer that device was backed up to. It was also discovered that Google had been tracking location information on its Android devices. Apple has stated that the database was for the purpose of crowd-sourcing location information using Wi-Fi hotspot and cellular tower triangulation in order to lock on to a device’s GPS location more quickly. Apple has since released an update that stops loading location data into the cache when the Location Services setting is off. They also plan to encrypt the database in the next major iOS update – likely in iOS 5.

The Hearing

The key industry people in attendance at the hearing were Justin Brookman, Director of the Project on Consumer Privacy; Alan Davidson, Director of Public Policy at Google; Bud Tribble, VP of Software at Apple; Ashkan Soltani, a consultant; and Jonathan Zuck, President of the Association for Competitive Technology.

Nilay pointed out that Google sent their Director of Public Policy (i.e. lobbyist) as a representative while Apple sent a software engineer. It was very clear from the testimony that Google had more to worry about. Google’s Davidson mostly avoided answering the Senators’ questions directly and kept rebutting with the same weak argument – “we are open” – as if that absolves the company from any wrongdoing. Davidson has a good career ahead of him in politics since he demonstrated being a master of the non-answer.

Meanwhile, Apple’s representative, Bud Tribble, made a good effort answering most questions but still deflected some. The key difference between the two was clear: a software engineer was the better choice to explain the technicalities and logic of using location information while a public policy VP is mostly good at smooth-talking the audience. At least Apple’s methodology and reasoning for tracking was mostly explained while Google’s remains shrouded in mystery thanks, rather no thanks, to Davidson.

Even though Apple claims they do not track an individual user’s location, it’s hard to swallow given Soltani’s testimony. He showed that, using only timestamps and Wi-Fi hotspot data, a user’s path of travel can be traced chronologically with a degree of accuracy of up to 100 feet. Soltani’s testimonies, found at the end, are very thorough and a must-read. Apple’s defense has the feeling of: “it depends on what your definition of ‘track’ is.” The company maintains that they do not know an individual’s location; rather, it is anonymized for crowd-sourcing location data.

Ashkan Soltani demonstrated the high degree of location accuracy using only Wi-Fi hotspot data

When it comes down to it, there is a relatively simple solution for the industry to cover their asses regarding mobile privacy. Apple’s notoriously rigorous App Store approval process and guidelines for developers’ use of location services are not flawless, but they are a step in the right direction. Apple should automatically build the location dialog box question into any app that requests location info. Currently, they are doing random checks to see if developers comply and this clearly isn’t working. Google’s approach is to ask the user about location sharing when he first sets up the phone, but it remains unclear when and how location information is subsequently made available to applications. This is a really bad policy. They claim they are trying to be as open as possible (Davidson’s catch phrase today) but Android’s “wild-west” marketplace, though open, could use some oversight when it comes to approving location-based apps.

Both companies, and the rest of the industry for that matter, should disclose to users more explicitly and concisely the how, why and when of mobile device location tracking. Franken closed the hearing seemingly frustrated that neither company fully answered the questions surrounding the use of location data. One of the Senators, Charles Schumer, even demanded follow-up answers within a month from both companies.

I’m curious to see how the mainstream media will skew this story since it is a relatively complex issue if you are outside of the geek realm and don’t understand technical terminology. Conspicuously missing today were representatives of the wireless industry. They are certainly not off the hook with this issue. I suppose the Senate is taking one step at a time. Finally, the big loser today was Google, who raised even more questions. Next time they might try sending someone capable of providing simple, straight answers.

Soltani responded to Sen. Franken’s question about the most serious privacy threat:

The biggest takeaway is that consumers are repeatedly surprised. To the degree that companies aren’t being clear about who might get this data, that’s a problem. Consumers don’t know what apps need what kinds of data. We need improved transparency on this stuff, and we need improved definitions of what “opt-in” and “opt-out” mean, as well as what “location” is — is it within 20 feet?

Sen. Franken’s closing remarks:

The people have a right to know what information they’re sharing, with who, and how that information is shared and used. After this hearing I still have serious doubts about how that information is protected in law and practice. We need to address this, and we need to address this now — mobile devices will soon be the dominant way we access information.

This issue is far from over, and the industry would gain the goodwill of US lawmakers, not to mention consumers, by proactively addressing mobile location tracking before the heavy hand of the law comes crashing down.

Resources:

Soltani’s oral testimony [PDF]

Soltani’s written testimony [PDF]

Al Franken’s summary of the hearing and more prepared statements from panelists

Nilay Patel’s transcript of the hearing on This is my next…

Updated at 18:15 to add more specific details and quotes

James Britton
