Apple and Google Answer Tough Questions From Senators on the Location Brouhaha
Sen. Al Franken’s hearings on the recent concerns around smartphones and location-based data are underway in Washington D.C. I’m monitoring the action and will be liveblogging when Apple’s Bud Tribble and Google’s Alan Davidson come to the microphone.
Tribble is expected to re-iterate Apple’s position, summarized in a recent statement and in an interview Apple CEO Steve Jobs did with Mobilized’s Ina Fried that it has no intention to collect location data over the long term, nor to make money from it.
It will be Google’s first significant comments since making a short comment on the subject on April 22.
8:07 am: The hearings are underway and we’re hearing comments from officials at both the U.S. Federal Trade Commission and the U.S. Department of Justice.
8:10 am: Sen. Franken is introducing the second round of panelists. They are:
Justin Brookman, Director, Project on Consumer Privacy at the Center for Democracy and Technology
Alan Davidson, Director of Public Policy, Americas, Google
Ashkan Soltani, Independent Researcher and Consultant
Guy L. “Bud” Tribble, Vice President of Software Technology, Apple
Jonathan Zuck, President of the Association for Competitive Technology
Soltani is up first. He worked with The Wall Street Journal on the “What They Know” series.
Soltani: The process by which a device’s location is determined can expose that data to many third parties. Smartphones send data to Apple and Google quietly, even when location services are not being used. This is the default behavior.
Now he’s summarizing the findings around location data on the iPhone.
8:17 am: Brookman is up next. He says smartphone apps can access a far broader range of personal information–via access to a camera or microphone on a phone–than can applications on the Web. Meanwhile, requirements are weaker with regard to phones than they are on the Web.
8:21 am: Brookman: Companies can get in trouble for overtly lying about how they use the data, and so they often choose to say nothing at all.
8:23 am: Apple’s Bud Tribble is up.
Tribble: Apple is deeply committed to protecting the privacy of our customers. We do not share personal information with third parties without our customers’ specific consent. And we make our partners agree to certain strictures around protecting their privacy.
Tribble: Using stored information can speed up determining its location. Apple maintains a crowdsourced database of Wi-Fi hot spots and cell towers.
Tribble: By design, Apple gives customers control, and has built a master location switch. Users simply switch the location services switch off. When off, the device will not collect location information. Apple does not receive any data without first obtaining consent from a simple pop-up box. The pop-up box is not optional.
Tribble: Apple responds to all concerns about privacy that may arise. Apple was never tracking individuals’ locations. The location data gathered was not the location of the iPhone, but about the hotspots and cell towers nearby. It was protected from access by other apps on the phone.
Tribble: While we were investigating the cache we discovered a bug that allowed the data to be updated even when the location master switch was off.
Tribble: Apple is committed to giving customers strong and clear choices in how their data is used. We share the committee’s concerns about collection and privacy of customer data, especially location.
8:28 am: Google’s Alan Davidson is now up.
Davidson: We have made our location services opt-in only.
Davidson: When I first took my Android phone out of its box, one of the first screens I saw–in plain language–was whether or not to share location information with Google. If the user doesn’t choose to turn it on at setup, the phone will not send any information back to Google’s service. If they opt in, the data is anonymized. And users can turn it off later. Also, we require third party application makers to inform users if they’re going to use location data.
Davidson: We believe in the importance of location based services. These services can be convenient, but can also save lives. We have only scratched the service of what is possible.
Davidson: Mobile services may soon be able to help people in the path of a tsunami. He also mentioned some work around Amber Alerts.
Davidson: A critical area for Congress is the issue of government access to a user’s sensitive information. We live under a 25-year-old access law. Most Americans don’t understand that that data doesn’t have Fourth Amendment protection. Relevant laws need an update.
8:33 am: Now Zuck is up.
Zuck: You only need to watch a television commercial to understand that the fact of mobile computing is the applications.
Zuck: Location-based services and advertising offer opportunities for local small businesses. They can reach customers at the exact time that a purchase decision is being made. It’s a $4 billion market now, and could be $38 billion by 2015 (or did he say 2013?).
Zuck: We’re in a period of rapid innovation and experimentation.
Zuck: There’s a whole lot of data. To focus so much on a particular type of data would cut off our noses to spite our faces.
Zuck: There are myriad laws in place to address privacy concerns. Even the use of antitrust law has been used in the past to address privacy concerns.
Zuck: Once a week there is some big company news. Examples: Sony and Epsilon are what concern consumers, while smaller companies end up dealing with the implications of new laws and rules that result.
8:38 am: Now time for questions from the senators. First is Franken to Tribble.
Franken: Quoting CEO Steve Jobs saying the data is collected about hot spots and cell towers a hundred miles away, while the written statement helps determine the phone’s location quickly. Does this location determine your location or doesn’t it?
Tribble: That data doesn’t contain any customer data at all. However, when a portion of that database is downloaded to your phone, it knows which hot spots and cell towers it can receive right now. This is how the phone figures out where it is without GPS.
Franken to Soltani: When it came out that both iPhones and Android phones were sending data, they both said yes we’re getting locaiton but not your location. Whose location is it? Is it accurate? Anonymous? Can it be tied back to individual users?
8:42 am: Soltani: This data is related to your device or somewhere near it. For the average user it’s about 100 feet.
Soltani is comparing location determined both by GPS and via Wi-Fi geolocation. The difference was about 20 feet. The files in the database contain timestamps so they can be used to create a trail about you.
Franken to Brookman: My wireless company, and companies like Apple and Google, all get my location or something close to it. In a variety of cases under current law, any of those entities may diclose my location to third parties without my knowing it and without my consent. Is that correct?
Brookman: The default behavior is that you can do whatever you want. For most players in this space it would be hard for them to be required not to share data.
Davidson: At Google we have tried to maximize the openness of the platform. We had relied upon a permissions-based model. You’re asking about the next step, which is whether we put requirements on applications. I will take that back to management. I think it’s a good suggestion.
Tribble: He’s explaining Apple’s use of icons in the user interface, and how it puts information and feedback to the user about how their information is being used.
8:49 am: Sen. Blumenthal from Connecticut is up. He says he wants to focus on the issue of trust, which he says goes to the core of what Apple and Google do with the acquiescence of customers.
Blumenthal is asking about the Wi-Spy scandal, relating to the collection of data collected in the process of building Google Maps.
Blumenthal is grilling Davidson a bit about the collection of data via Wi-Fi. He’s asked Davidson to look at a patent application concerning the use of payload data to build a map.
Davidson: It was not the company’s policy or intent to collect that information. People at the company were surprised and embarrassed to find out we had collected that information.
Blumenthal: Why would the company submit a patent application around that very idea?
Davidson: We submit patent applications for many things. Often they are speculative.
Blumenthal: The payload data would be useful in creating a wireless network map, would it not?
Davidson: I would say no. It’s not obvious that small snippets of a few seconds of data recorded in the clear while driving by would be useful.
Blumenthal to Tribble: Would that be valuable to you?
Tribble: Not sure how valuable it would be. We don’t collect it. I checked with the engineering group, they’re not sure how they would do that.
Brookman: My instinct is that it would not be useful to get payload information. I don’t believe the content of the information would be valuable at all.
Soltani: I would concur with Brookman. Google collects information about the hotspot, including the unique MAC address for that hot spot.
Blumenthal: What plans do you have to use or dispose of that information?
Davidson: We are talking to regulators around the world. Our intent is to answer all the questions of any regulator fully. We do not intend to use this data.
Davidson: It was not illegal to collect, but it was not our intent to collect it.
Blumenthal: If it were not illegal, don’t you think it should be?
Davidson: It raises a complicated question about responsibilities toward what is broadcast in the clear.
8:58 am: Sen. Coburn, Oklahoma: Question to Apple and Google. How do you know that third party developers don’t misuse data?
Tribble: Apple curates the apps that are in the store. They are in the Apple app store. We have requirements for the developers. What we do is we examine apps. We dont look at the source code. We examine them before we put them in the app store. If they don’t meet our requirements… Once they are in the app store we do random audits. We don’t audit every single one. But we do random audits. We examine the network traffic used by that app. If we find an issue through that means or public information or an active community of app users we will investigate. If we find a violation of our terms, we contact the party. If they don’t fix it, we remove the app within 24 hours.
Tribble: The overwhelming common case is that app developers are incented to stay in the app store. Normally they insert a pop-up telling customers what they are doing.
Davidson: We have tried to maximize openness. We use the power of the device itself to make sure that people know what their information is doing. We tell people what information that app wants access to. We don’t try to go back and try to make sure that every app does what it says it does. We are trying to maximize the ability of small developers to get their apps online.
Coburn: Is there a long statement or a short one?
Davidson: It is plain language, usually no more than a single screen. I have seen applications that I have rejected. Why does my Solitare program need access to my contact database? It doesn’t, so I reject it.
9:03 am: Davidson: There are really valuable services out there. Sometimes it’s for people to serve ads better.
Tribble: There are a variety of reasons that a third party may want that data. We feel its important for the developers to tell users.
Sen. Whitehosue (not sure what state he’s from): We’re in a very new area. What is our takeoff point? Where are we now and where should we go? He wants a longer answer on this in writing.
Whitehouse: If you want to sell pharmaceuticals in this country you have to disclose risks. If you want to sell stock you have to make filings to the SEC. In all those cases we’re trying to create an open market, as open as possible, but not so open that people are taken advantage of.
Whitehouse: We make sure that the boundaries we establish are the boundaries of safety. That’s the question we have to be focusing on. Some of these things you want, and you’re choosing them. Some of them ride along with that. What does a 14-year-old know about all these choices? How informed is that choice?
Davidson: You can easily go back and change your mind on the settings.
Whitehouse: But you have to be aware of it. So if you’re not aware that someone is selling your location information, you don’t get a chance to change that.
Davidson: We believe that users need to understand that. We’re trying to increase openness. Our approach is not no holds barred. The question is where is the appropriate way. We’re trying to strike the right balance and educate consumers.
9:10 am: Whitehouse: Google is in a better position to know than a 17-year-old who has been told this is a cool app to load.
Whitehouse is now talking about botnets on the PC. If someone wants to take control of your computer and slave it to a botnet, they will find a way to do it. Most people are careful enough to know not to open attachments. There are some things for which a high failure rate is not enough. If someone is putting these apps up not for the stated purpose but for an ulterior motive then that’s a problem.
It seems to me there ought to be some line we need to draw where people aren’t in a position to agree to certain things. I think we need to consider a little more what our model is going to be. I have not heard a model that convinces me that it protects the consumer. He’s worrying not only about privacy and the possibility for mobile malware.
9:14 am: Sen. Charles Schumer of New York is now up.
Schumer: We wrote letters to your companies about dangerous apps sold in app stores that allow drunk drivers to avoid police checkpoints.
Schumer says that RIM, when notified, pulled a similar app down. Apple and Google have not, he says. He’s asking Tribble and Davidson about it.
Davidson: We take it seriously. We have a policy that on our application market, where we try to maintain openness, we do have a set of content policies. Although we need to evaluate each app separately, this would not be a violation of our policy.
Schumer: Would you allow an app that contains directions to make methamphetiamines?
Davidson: Not those that contain content about violation of the law.
Schumer: No one is disputing fairly open. My view is that even under your present terms, this app would fit. Why would you not change the policy to include specifically?
Davidson: We have a set of content policies. It’s a question we’re actively discussing. I’ll take it back to senior leadership.
Schumer: Do you agree it’s a bad thing?
Davidson: We agree.
Now on to Tribble: Why haven’t you removed it?
Tribble: I share your abhorence of drunk driving. As a physician who has worked in an emergency room I’ve seen what happens from drunk driving first hand (Tribble is an MD? I didn’t know that.)
Tribble: In some cases the police department publishes when and where they are going to have a checkpoint.
Schumer: How many do that?
Tribble: San Francisco published it on the Web. We are looking into it.
Schumer: I would believe that not a single police department would publish live in real time where and when they are doing checkpoints.
Tribble: We’re in the process of looking into it. We will not allow apps that encourage illegal behavior.
Schumer: You’ve pulled one on tasteless jokes. This is worse than that, wouldn’t you agree?
Schumer is asking for an answer from both Apple and Google within a month about these apps.
Franken is back up for a second round of questions. First up is a question for Tribble.
Franken: When you download an Android app you choose on the app itself. iPhone has a master one-time decision.
Tribble: In the case of the app, we encourage and require the app provider to give notice and give consent from the consumer before they do that. We do not provide or attempt to provide technical means in all cases to prevent the app from getting any and all information. However, in the case of location we do make sure that every single time an app asks to get access to that location data. This app would like to use your locaiton, yes or no. Our priorty has been on the sensitive nature of location and to provide measures to notify the user when the app first asks.
9:27 am: Tribble: We require the app to ask the user, but we do not have a technical means to require it. When you start to do that for every piece of information, the screen of yes/no questions becomes very long and complex.
Franken to Tribble: How do you enforce a violation by a third party developer?
Tribble: We tell them they’re going to get yanked. In all cases to date, they fix it.
Franken to Soltani: What’s the most serious privacy threat?
Soltani: The biggest threat today is that consumers are repeatedly surprised. Platforms aren’t taking sufficient steps to make this clear to consumers.
9:32 am: Franken is asking Soltani to describe the findings of The Wall Street Journal’s “What They Know” series. Rather than summarize Soltani’s summary, I’ll suggest you go read it.
Blumenthal is back up. He’s kindly referring to Bud Tribble as Doctor Tribble.
Blumenthal is asking Tribble about notification requirements around data breaches.
Tribble: In general, we think it’s extremely important that information on our servers stay secure. I personally think that if customers are at risk from information that is leaked from servers, I would like to know. If that were to happen, that would be something consumers would want to know about. Tribble says Apple is subject to state law regarding notifying customers about data breaches.
Blumenthal asked Brookman about the still unfolding problem at Sony.
Brookman says he’s not the best person to testify about it.
I’m not sure what Blumenthal is getting at. Sony’s problems are not related to location privacy which is supposedly the subject of today’s hearing.
Franken is back up. Looks like we’re wrapping up.
Franken: Having heard today’s testimony I still have serious doubts as to whether people’s rights are being respected in law and practice. Mobile devices are only becoming more popular. This is an urgent issue we’ll be dealing with.
The hearing is now adjourned.
And that’s it.