May 8, 2011

US Congress scrambling to draft 'do not track' laws

Cecelia Kang, Washington Post

Saturday, May 7, 2011

(05-07) 04:00 PDT Washington --

Lawmakers said Friday they will introduce two "do not track" privacy bills that would allow people to block companies from following their activity on the Internet.

The proposals reflect Congress' growing focus on passing first-time privacy laws for all Internet users and updating children's privacy laws as more young people get on the Web through mobile devices.

Web firms generally oppose "do not track" rules, first recommended by the Federal Trade Commission, arguing that companies can create tools to help users manage tracking. Some firms, such as Microsoft and Mozilla, have come up with browser-based privacy controls without government mandates.

In the House, Reps. Edward Markey, D-Mass., and Joe Barton, R-Texas, issued a draft of a children's privacy bill, called the "Do Not Track Kids Act of 2011," which seeks to protect the youngest users from tailored marketing and from the risk of exposing personal information without parents' consent.

The bill specifies that the privacy rules would apply to mobile phone apps, an area unregulated by the federal government. It would require companies to get parental consent to collect location information from children 12 and younger. Teens would have to expressly agree to location collection.

Sen. Jay Rockefeller, D-W.Va., said he would introduce a bill covering all Internet users, making it illegal for websites and marketers to track anyone who had opted out of data collection. The measure would also require companies to destroy user information or make it anonymous once it is no longer useful. The FTC would be in charge of enforcement.

"I've asked for a waiver of Senate ethics rules so I can give Sen. Rockefeller a gift he really needs - an iPad," said Steve DelBianco, executive director of NetChoice, a trade group that represents Web firms including AOL, eBay and Expedia. "The senator can see for himself how interest tracking lets advertisers pay for all those free apps and Web services that regular Americans love to use."

Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/05/06/MNTC1JD50U.DTL#ixzz1LnysO1QK

Internet privacy: At every turn, our privacy is compromised by technology


Internet users must be more aware of the dangers inherent in the services they use
The Observer

A pattern is emerging. A researcher discovers that a product or service offered by a large (generally US-based) company contains a security flaw or a feature that compromises the privacy of internet users. The revelations are confirmed by other experts across the internet. The company responsible then goes through a predictable series of steps: first, "no comment", followed by indignant denial, then a PR-spun "explanation" and, eventually, an apology of sorts plus a declaration that the bug will be fixed or the intrusive practice terminated.

A recent example was Apple's extraordinary contortions over the discovery that its iPhone was covertly collecting location data and storing it in unencrypted form. But last week also saw the revelation that devices made by TomTom, the leading manufacturer of GPS navigation systems, had effectively been spying on Dutch users and that the aggregated data had been sold to the police in order to guide the location of speed traps.

Before that, there were the revelations that Google's street-mapping camera cars were also collecting data on every domestic WiFi network they passed. On the web, many sites now deploy hidden "history sniffing" codes to find out what other sites a user has visited, webmail servers "read" every email that passes through them and social networking sites reveal every detail of some subscribers' tastes, activities and location.

What these developments presage is a perfect storm of surveillance, orchestrated not by the state but by huge corporations. Meanwhile, information commissioners across Europe try to enforce data protection laws that were crafted in the mainframe era, long before the founders of Google, Facebook et al were born. Neelie Kroes, the European commissioner responsible for data protection, is determined to reform the law to make US-based companies respect the privacy of their European users. But her efforts are doomed unless those users wake up to the ways their privacy is undermined by the services and devices they use.

Who owns your location?

An open letter to handset platform companies, carriers, app makers and the government.

By Mike Elgan
April 30, 2011 06:30 AM ET
Computerworld - Dear Apple, Google, Microsoft, AT&T, Sprint, T-Mobile, Verizon, app makers, Congress and President Obama (or current resident):
Enough! We, the smartphone-using people of the United States, are being taken advantage of, stolen from and blackmailed. It's got to stop.
The smartphones we carry have four ways to know where we are: GPS, Wi-Fi proximity, cell-tower triangulation and user check-in via services like FourSquare.
This "location data" -- information that the phone gathers about where the phone is at any given time -- has monetary value, as well as priceless social value.
In other words, there's money to be made from knowledge about where each of us is at any given moment. A lot of money. That data can be converted into contextual advertising revenue, used to create compelling new services or improve the value of existing products.
As a society, we have not fully vetted this issue. The question over who owns this data has not been resolved.
In the absence of this conversation, various companies have rushed into the void to stake their claims. Each of them asserts the right to capture, transmit, own, use, manipulate, sell or otherwise monetize what is not rightly theirs: my location, and the location of every smartphone user.
Apple has been storing general location data in an unencrypted file on iPhones. The company said the long-term storage of that data was a mistake that it has now fixed. Apple also said it plans to use phone location data to build a traffic service. By pooling information about the speed of drivers, the system the company envisions could detect traffic jams.
Google, Microsoft and others do the same thing. Google's Android operating system doesn't simply store the data on the phone; it transmits it back to Google servers. Android devices also collect GPS data and each phone's unique ID number.
One reason cell-phone operating systems collect this data is to improve cell-phone service. A phone can more quickly access cell tower or Wi-Fi service by referencing a local file, rather than launching a new search to see what connection options are out there each time. This capturing of location data improves the quality of the user experience, which gives handset makers an advantage in the market and helps them sell more phones -- Apple reported $12.3 billion in second-quarter sales of its iPhone alone.
Another reason is that location data can be used to offer services and location-based advertising. In other words, it can (and will) be monetized.
All of the major carriers, including AT&T, Sprint, T-Mobile and Verizon, collect customer location data and then sell the information in bulk to companies that can use it. The carriers told Congress this week that they ask user permission before doing this.
I don't recall being asked. Do you?
Many app makers routinely gather location data and often collect personal information from the phone to go with it -- information like your home ZIP code and your gender. Apps can do this without user knowledge or permission. In many cases, it's not clear how this information is being used, or whether it's being sold to third parties.
We suddenly find ourselves in a world where handset platform makers, carriers and app makers all claim ownership of our locations.
Nobody planned it this way. We've slouched into this state of affairs one step at a time while nobody was paying attention.

End the blackmail

Apple, Google and Microsoft all have an outrageous answer to the question of user control over location data: You can stop your location from being logged and shared by turning off location services in the settings.
In other words, they're saying that if you don't give them information about where you are, they're not going to let you use the GPS capability on your own phone.
Another word for that is blackmail.
Imagine if other cell-phone features worked that way. "If you don't let us download your contact database so we can make money from it, we won't let you use the Contacts app." Or: "If you don't let us capture the phone numbers you dial for our phone-spam database, we won't let you use your smartphone to make calls."
This is unacceptable. We paid for the GPS features in our phones. And we paid for the GPS satellite system with our tax dollars.
That mobile platform makers would disable the use of our own GPS gear and block us from using our own GPS satellite system unless we let them make money off of our location data ... well, that should be illegal.
But because all of the major handset makers offer the same deal, there's no way for user choice to have any effect. Market forces can't correct the problem, because everyone in the market is fleecing users in the same way.
We, the people, demand the equivalent of an "Airplane Mode" for location sharing. We should be able to access a conveniently placed switch that turns off the ability of anyone other than ourselves to use our location data, while keeping the GPS and other location-gathering services functioning for our own use.
Second, we demand that mobile operating system makers take responsibility for giving users control over location sharing by apps. There should be an easily accessible control that shows us who's gathering what information from our phones, with an easy way to say no.
Platform developers like Apple, Google and Microsoft want it both ways. They want a huge chunk of the revenue from app sales, but when those apps violate our privacy they're suddenly not involved in the transaction.
Apple takes one-third of the revenue for iOS apps. And it "protects" us from naked people, unsavory content and other non-existent threats. Why isn't it protecting us from predatory app makers?
And finally, we demand that basic location data that is not associated with individual phones -- useful for identifying crowd movements that could indicate traffic jams, and for many other purposes -- be collected centrally and made public and usable by anyone and everyone. Why should we roll over just because Apple or Google or AT&T claims to own this information? Information about the location of everybody belongs to everybody. It's like the "airwaves" or the National Park System.
Yes, our location data is valuable. But that doesn't mean you can just take it from us.
Mike Elgan writes about technology and tech culture. Contact and learn more about Mike at Elgan.com, or subscribe to his free e-mail newsletter, Mike's List.