Administration Eyes Mobile Apps in Data Privacy Push
The White House plans to apply its new privacy guidelines to the mobile applications environment, said Danny Weitzner, policy director of the White House Office of Science and Technology Policy, during an event Friday hosted by the Consumer Federation of America. Weitzner said he hopes the administration’s Consumer Privacy Bill of Rights will encourage new codes of conduct in developing markets like the mobile space.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The “substantial gap” in the U.S. legal privacy protection framework is particularly apparent in the mobile application environment, Weitzner said. “We have learned that it is not always clear to consumers or the companies that are developing these applications what the right way is to use this personal information, how to apply basic privacy principles.”
One of the administration’s goals is to encourage Congress to enact consumer data privacy laws, said Weitzner, because “self-regulation alone is not enough.” “We do not want consumers to be surprised” by the personal data that are collected and disclosed on the Internet, he said. It’s particularly important to bring awareness to consumers when their information is being used by companies to determine their creditworthiness, or ability to get healthcare coverage or housing, he said. But the administration does not “want to see privacy legislation as unnecessary roadblocks to the free flow of information” on the Web, he said.
Broadly targeting the mobile application ecosystem is “problematic because the environment is undergoing massive shifts right now,” said Morgan Reed, executive director of the Association for Competitive Technology. “The industry is incredibly new. It’s still totally in the experimentation stage when it comes to business models,” Reed said. “Twelve months ago Apple’s current subscription model [for content-based apps] didn’t exist. In-app purchasing isn’t two years old at this time. The whole ecosystem is five years old.”
But lawmakers are concerned about the privacy and security policies of Apple’s mobile applications platform, after revelations that the social networking app Path was collecting address book information from its users’ iPhones without authorization. House Commerce Committee Ranking Member Henry Waxman, D-Calif., and House Manufacturing Subcommittee Ranking Member G.K. Butterfield, D-N.C., told Apple CEO Tim Cook in a letter sent last month there’s “a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference.” Path co-founder and CEO Dave Morin apologized for the way the app’s “Add Friends” feature collected user contact information without consent (http://xrl.us/bmr8bp).
Path’s “absolutely complete failure to follow almost business common sense behavior is not something that is solved by an NTIA multi-stakeholder process,” Reed said. “Even if there were laws banning what they did it seems pretty clear they would have done that anyway given how badly they behaved. You have to look at better enforcement of FTC laws and ... the public shaming that happened around Path and the loss of customers.”
The NTIA will spearhead the process of developing a voluntary code of conduct that protects privacy rights of online consumers while giving them more control over how their information is handled, said Weitzner. “We are going to begin right now to work with industry groups, consumer groups, privacy advocates, academic experts to convene processes to develop best practices, to develop concrete responses to privacy challenges and make sure those challenges are expressed in enforceable codes of conduct.”
Weitzner said he didn’t think it would be “technically possible” to implement an Internet “eraser” button, as suggested by some European privacy officials. “It’s not feasible, as a blanket matter, no it is not,” he told us after the speech.
Network engineers, technology consumers, government and others in the technology ecosystem must begin to address challenges and goals to prepare for the next digital phase -- “the Internet of things” -- privacy and technology panelists said. While new technologies always were emerging, “nowadays ... what’s different is that the pace of new technology is accelerating,” said Elizabeth Grossman, a member of Microsoft’s Technology Strategy and Policy Group. Social processes don’t move as fast as the technology processes, she said. Players in the ecosystem need to start thinking “about being less reactive to technologies” and more proactive “as new technologies come into development.” There will be 50 billion objects connected to the Internet by 2020, she said, so communities must start thinking now about how to take advantage of it. This change will happen and cannot be stopped “because it delivers so much value to consumers,” said Mark Cooper, CFA research director.
Emerging technologies will lead to the Internet helping society beyond today’s uses, said Ioana Rusu, Consumers Union regulatory counsel. Future uses can involve sensors placed on a houseplant “indicating when it needs to be watered” or “that it needs a bigger pot.” The adoption of smart meters can save energy and resources, she said. In the Internet of things, these meters “will be able to figure out what room of the house you're using” and direct energy through HVAC vents to only that area of the house, she said. The change presents an opportunity for society “to integrate the digital world ... and the physical world,” Grossman said. “That’s a powerful new set of data and new quantities of data.” The Internet is a great source of information, but “more information isn’t necessarily always better,” she said. It’s essential to take the data, discern underlying patterns and make predictions that are useful, she said.
Privacy will continue to be tricky, some experts said. “It’s one thing to have a coffee machine that turns on and wakes you up with the smell,” said Chris DiBona, Google’s open source programs manager. “It’s another thing when you have a scale that’s broadcasting your weight to a doctor.” Check-in services, like Foursquare and Google Latitude, are no different from prisoner anklets, and “you want to know that you can trust the people who are seeing that information and who are the conduits of that information,” he said. There’s a love-hate relationship when it comes to sharing information, Cooper said. People want to hold on to their privacy, but they know that there’s value in shared information, he said. New issues related to security, privacy and intellectual property surfaced because “the Internet and digital means of communication are the primary means of communication in our society,” and the technology furthers society’s goals.
"How do we get to a place where it’s not just the ‘Intranet of things,'” which is inside the firewall? DiBona said. There are known and emerging protocols, but “it’s not really going to move forward until people come up with compelling applications that don’t cost an arm and a leg.” The transition toward the Internet of things is inevitable and already happening, Cooper said. “The potential to save on distribution and transaction is immense.” The platforms already exist through the ubiquity of mobile devices, he said. It calls for a change in governance that is participatory and uses crowdsourcing, he added: “The old industrial revolution command and control regulation isn’t going to work.” In the past “we've always adapted to computers” by learning its rules and commands for interaction, Grossman said. Context can be used to create computers “that can adapt to us.”,