Mobile privacy risks: Who should alert end users?
Both industry and government are concerned about the potential for many mobile applications to share data with third parties without user consent.
Privacy is a slippery subject in the mobile applications world. Many government and commercial users worry about secure personal and business information being shared inadvertently by an obscure feature in a device or application.
But whose responsibility is it to keep users informed about risks to their privacy: the device maker, the application developer or government policymakers?
That was one of the questions government and industry experts wrestled with on a panel at an event hosted by the Congressional Internet Caucus in Washington, D.C., May 3.
“Privacy is surprise management,” said Ashkan Soltani, an independent researcher and consultant. The new mobile ecosystem is very complex, made even more so by new social media-based apps coming into the marketplace, he said.
One example is Path, a mobile networking app that allows users to share a daily journal of their activities and locations. With Path and similar apps, user location data is often provided to third parties – including advertisers or local businesses – without any authorization. If users knew about its location tracking features, most might be fine with it, Soltani ventured, but problems arise when this is done surreptitiously.
Letting consumers know that their personal information can be used by third parties is important, said Sarah Hudgins, public policy director at the Interactive Advertising Bureau. Even so, there must be a balance between the obligation to inform users about their privacy options and being intrusive. There can’t be pop-up boxes appearing every few minutes, she said.
That’s a balancing act that has drawn the attention of federal regulators. It is one thing to inform consumers about what information they are making available publicly, and another for users to understand what is being done behind the scenes, said Patricia Poss, chief of the Federal Trade Commission’s Mobile Technology Unit.
In a recent FTC report, consumers indicated they were concerned about what was running in the background of many applications, such as those used for children, said Poss.
The FTC also found very little information posted about what the applications it reviewed did or could do with user data. This lack of background information is very challenging for consumers, Poss said. “If you don’t even know what to ask for and look for, it’s pretty tough,” she said.
Mobile devices could benefit from ad-monitoring systems available on desktop computers that provide users with details about pop-up advertisements, said Hudgins. The challenge will be making something that works on a small mobile phone screen, she added.
While transparency is important, platform manufacturers and software developers share a responsibility to keep consumers informed of risks to their privacy, panelists said. Users need to be alerted when applications have the potential to access their address books, but platform manufacturers have it in their power to greatly mitigate such issues, said Todd Moore, founder of app developer TMSoft. For example, the iPhone prevents personal user data from being accessed by app developers, he said.
But a balance must be struck between preserving personal data and constantly alerting users to potential issues. “We don’t want our phones to constantly bug us [about privacy issues],” said Moore.