Technology giants Apple and Google Tuesday defended their use of user location data on Capitol Hill. Critics say the companies are breaching consumer trust by surreptitiously collecting personal information.
Apple iPhones do not collect the specific location data of customers, and Google users must opt in before any location information is divulged, according to company spokesmen. They testified before a packed Senate hearing room amid a spike in concern that mobile-phone technologies may violate privacy expectations by collecting and tracking location data without user consent.
“We’re not even close to protecting all of the information that we need to,” said Sen. Al Franken, a Minnesota Democrat and chairman of the Senate Judiciary Committee’s new subcommittee on privacy and technology, who called the hearing. “Reports suggest that the information on our mobile devices is not being protected in the way that it should be.”
The worry for many lawmakers and privacy experts is that a burgeoning industry based on collecting consumer data is not adequately protected.
Consumer privacy advocates such as Ashkan Soltani, who advised the Wall Street Journal on the paper’s online privacy coverage, have charged technology companies such as Google and Apple with furtively collecting location information without educating consumers on the practice. Two customers last month sued Apple for privacy invasion for allegedly recording and storing their location data.
Apple says its iPhones send the locations of nearby wireless Internet hotspots and cell phone towers to a database to help each phone find its own location more quickly when prompted by users. The company doesn’t log and has never tracked the location of its iPhone, Apple said last month. A software bug directed the iPhone to store unencrypted location data longer than necessary, and has since been fixed, Apple said.
“Apple does not track users’ locations,” Guy “Bud” Tribble, Apple’s vice president for software technology, said in his testimony. “Apple has never done so and has no plans to ever do so.”
Alan Davidson, Google’s director of public policy, said the company requires each user to opt in before Android phones send any location data back to Google. When someone turns on a cell phone with Android software for the first time, Davidson said, he or she is always asked if they would like to share their location data.
“We don’t collect any location information — any at all — through our location services on Android devices unless the user specifically chooses to share this information with Google,” Davidson said.
Federal laws are well behind the curve when addressing threats from hacking, as well as dealing with the risk that companies can share customer information with third parties without consent, according to testimony from government officials and privacy experts.
“Companies can share [data] with whomever they want,” said Jason Weinstein, deputy assistant attorney general at the Justice Department.
Jessica Rich, deputy director for consumer protection at he Federal Trade Commission, added that consumers “really have no idea of the layers of sharing that go on behind the scenes.”
Weinstein also said there should be new federal laws to require companies to report data breaches, and to retain information for longer periods of time so that they would be available for criminal investigations. Sen. Patrick Leahy, a Vermont Democrat and chairman of the Senate Judiciary committee, said he would introduce a bill “very shortly” which updates the 1986 electronic privacy act, which Leahy wrote.
The hearing was more a fact-finding mission than policy debate, and lawmakers said they needed to know more about data collection and usage before they’re able to remake the nearly 25-year-old rulebook.
“We need a whole lot more information and knowledge before we come to conclusions about what should or needs to be done,” said Sen. Tom Coburn of Oklahoma, the ranking member on the subcommittee and only Republican senator to attend the hearing.
Civil rights advocates urge legal updates to deal with privacy rules in the Internet era, but warn of outsized government access to mobile data collected on its citizens.
“When we carry cell phones, we carry personal tracking devices — that’s a fact of life,” Chris Calabrese, legislative council at the American Civil Liberties Union, said in a phone interview before the hearing. “We can’t lose sight of the fact that the protections against government access to this information is happening without any clear standard.”