Global Security, Privacy, & Risk Management

Mobile Privacy October 12, 2012

Smartphones have changed the way we interact with our world.   They’ve introduced a new level of convenience, but they’ve also introduced a new potential threat to our privacy.    As consumers, we should be informed about the choices that we make on our smartphones and how they might impact us.  For example, I upgraded my iPhone to iOS 6 this afternoon. (I know. I’m a little late on that one.)  Anyway, when I was done I got two prompts.   The first asked if I wanted to enable location services.  I said yes, knowing that meant that 1) I could use the “find my phone” app, as well as many other apps that come in handy for a frequent traveler, and; 2) that it meant that Apple would have access to my location data.  The next prompt suggested that Apple could improve its products and services if I just allowed my phone to send occasional reports to headquarters.  That one I declined.  I don’t necessarily want Apple to have access to all of my activities on my smartphone.

Now, I’m not naive enough to believe that my simple selection means that I have safely secured my data and mobile behavior entirely.  There are companies that are taking advantage of the fact that privacy laws have not kept pace with technology.  We know for example, that there are companies that offer device fingerprinting services for fraud prevention that also happen to sell mobile device behavior analytics to marketers.  Consumers don’t have any way of knowing that their behavior is being tracked and they have no way to opt out.

This week, Sen. Franken (D-Minn) and Sen. Blumenthal (D-Conn) introduced a bill designed to protect mobile privacy.  The Location Privacy Protection Act of 2011 is meant to protect consumer privacy by informing users of how and with whom their location data is shared.  There are four primary requirements of the bill.  Distilled to their basics, those requirements are:

1) Gain consumer consent before collecting location data

2) Get consumer consent before sharing that data

3) Assist in understanding and investigating crimes that involve the misuse of location data

and

4) create criminal penalties for those that abuse location services or use so-called “stalking apps.”

While I applaud the move to ensure that mobile users are protected from entities divulging their location without the knowledge or consent of the consumer, I wonder if the law goes far enough in protecting consumer privacy.  What about those device fingerprinting activities?  Do you think the proposed bill goes far enough? Too far?  What would you like to see in terms of mobile privacy protection?