Apple and Google are trying to explain themselves before the Senate Subcommittee on Privacy, Technology and the Law at this moment. While Google continues to insist it didn’t mean to grab such data (though the Senate is asking why it has patented processes to use such data), Apple’s approach is somewhat different.
Apple seems pretty sincere. In my opinion, the Google chap who is there is not coming across as being so sincere, begging the question, does Google really put user data privacy as close to its heart?
Apple meanwhile does random audits of apps and checks traffic records of Apps it sells to check for violations of its terms, including those on privacy or unapproved location data usage by a rogue App. “Typically they correct problems like these,” Tribble says.
Google then makes its desperate claim that Google is an ‘open’ platform, and explains its ‘different’ approach to consumer privacy, but then points to Google’s opaque user-based app policing model. “We don’t generally go back to make sure every app does what it says it is going to do,” says the Google guy. Editors note: I’m 100 percent unconvinced Google’s security model is appropriate in a heavily consumerized market such as the smartphone. It’s ineffective enough in more evolved tech-savvy markets. I think Google is squirming.
“As open as possible is not an adequate standard for this task,” says the Senate. “What does a 14-year old installing an App know about these choices?” he asks. Google’s director of public policy, Americas, Alan Davidson responds, “We need to educate our consumers”. Educakshun? Just Google it, right? The senate isn’t impressed, notes that Google has more information and it is Google’s, not the consumer’s, responsibility to understand and explain location data use.
“I think we need to consider our model and work off that. I have not yet seen a model which adequately protects both the Internet and the user’s privacy — it isn’t just privacy, once someone’s in your computer it could be malware or worse….I think this has been a very interesting hearing and I think we have a lot of work ahead of us to make the Internet safer and to make it clear you’re getting what you pay for when you load up these apps, says Senator Whitehouse.
Conversation has moved to drunk driving apps with Senator Schumer (?). He’s pointing out these Apps, accusing these of undermining police anti drunk-driving attempts. He asks both Google and Apple how they can justify selling these Apps.
We do take this issue seriously and appreciate you raising it. We have a policy on our platform where we do try to maintain openess, we have a set of content policies regarding Android marketplace. Apps which share information about such things are not in violation of our policy>”
“Would you allow apps which teach how to make meth-amphetamines?” asks the Senator.
Google guy now claims a “fairly open” policy. I’m sorry, I’m bored so much of that mantra — it isn’t an excuse. “This is a question we are actively discussing internally and your input is something I will be taking back,” he says. “I agree this is a bad thing and an extremely important issue,” says Davidson.
“As a physician who has worked in emergency rooms I’ve seen the full impact of drunk driving,” he says. “Apple is examining the situation. One of the things we have found is that some of these apps are publishing data which is shared and published by police departments,” he says. “Not all the apps are like this….we are looking into this,” says Tribble.
“It’s sort of a weak read,” says the senator. Tribble seems a little less comfortable.
[To be fair, what Tribble is attempting to argue is that there is a difference in such apps where they use public information as to where they use or elicit information to foster illegal activity].
“Apple has pulled apps before?
“Absolutely, agrees Tribble. “If they intend to encourage people to break the law then our policy is to pull them off the store.”
Senator argues the drunk driving apps do this. “Ill take that back,” says Tribble.
Senator now asks both Google and Apple to investigate and report back on these apps within the month…
Second round questioning:
“Mr Tribble, when you download an app on Android it asks [lots of questions]…Apple only asks about location…what more can Apple do to inform consumers of the information an App can access…?”
Tribbble: “We encourage and rquire the app provider to get notice and consent from the App consumer before they do that. We do not provide technical means in all cases to prevent the app from getting all information. Specificallyw hen it comes to location, we do make sure that every time an App wants your location, a dialog box asks users to give permission or not, ‘Yes or no)….
[missed a bit]
Tribble continues to focus on the permisision. “In the case of other information we require the App to give notice and ask permission from the user, but we do not have a technical means to do that. Not that we don’t want to do that but we think it is difficult because the screent he user has which asks these permissions becomes very long and complex..”
Google does have this of course, but no one understands it, and Google doesn’t police it…
“How many apps have you rmemoved because they shared info with third parties without consent?” Asks th Senate..
Tribble doesn’t give numbers, but gives process, points out that in most cases developers change their apps when problems like these are identified. But the answer is “zero”. Apple hasn’t pulled any — but has forced App devs to change leaky apps…
Question on privacy to Ashkan Soltani who accuses Apple and Google of not yet making it clear to consumers.
On privacy ….Tribble: “In general we think it is extremely important that information kept on our servers is kept safe…we do a lot of work on this….”
“Would it be Apple’s practise to let consumers know about a breach if it happened”.
“There are state laws,” says Tribble, and we’d certainly — this isn’t my role at the company — but we’d certainly do that…”
Brookman says strict laws do exist, and suggests the FTC be given the ability to levy penalties for violations in this area. “We’d like to see other fair use practices put into law. In both the Sony and F1 breach, both companies servers were holding data they didn’t neeed any more… including of consumers who had opted out years ago…”
Brookman is making a case for tight punishments for companies who put data — particularly data they no longer need — at risk. Which seems eminently sensible.
“As I said at the beginning of this hearing I feel people have a right to know about theur data and how it is being used. After what I’ve heard today I’m not happy this is happening now. This is an urgent issue we’ll be dealing with and will hold the record open for a week for questions.. this hearing is now adjourned.
Sorry for the bits I’ve missed, there’s a complete archive of the discussion on the US Senate website. This is an extremely serious matter — we’re defining our own privacy in the smartphone/connected device age, and that’s something to take pretty seriously, i think. Apple will have to develop a more complex permissions interface, Google will have to become less open, but that’s just my opinion.
There’s more inside this transcript over at USA Today.