The UK’s Information Commissioner’s Office and the US Federal Trade Commission have launched a global sweep of mobile app developers in a bid to crack down on privacy abuse.
The crackdown, comes in the wake of the explosion of public awareness in privacy following the revelations by the intelligence contractor Edward Snowden of the systematic collection of personal data by the US state surveillance agency, the National Security Agency and its UK counterpart GCHQ.
According to Andrew Patterson, a technology specialist for the ICO, the first stage of the exercise involves an intelligence gathering exercise by the Global Privacy Enforcement Network – a coalition of privacy regulators from 33 major countries – to find out the extent of the problem and identify companies abusing people’s privacy.
Already the privacy abuse crackdown has led to enforcement actions being levied in the US by the FTC on a number of companies the most notable being Snapchat – an instant communication service that promised to destroy messages within 10 seconds of their being broadcast, yet stored your messages and collected information on your location. Another culprit was the ‘Brightest Flashlight’ app from Goldenshores Technologies. In exchange for providing a torch system on your phone it collected your data and location and supplied it to advertisers. The Brightest Flashlight app led to Goldenshores being labelled as ‘deceivers’ by the FTC.
“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it, said Jessica Rich, director of the FTC’s Bureau of Consumer Protection adding, “But this flashlight app left them in the dark about how their information was going to be used.”
The privacy abuse crackdown by the GPEN is a reaction to the widespread trend among technology companies to be evasive about the basis of the businesses that they are engaged in and what is being seen as a systematic attempt to mislead consumers about what signing up for particular services entails.
“The concern that we have is that huge amounts of data can be assembled on people without them being aware. The overall focus of what we would like to see happening in the mobile app space is that we want to see companies becoming increasingly more transparent.
“Transparency is necessary to meet the requirement of fairness that’s enshrined within the Data Protection Act. Clearly saying what you will and won’t do is one of the key messages,” said Patterson.
The move by GPEN could have serious implications for many technology companies like Google and Facebook which up till now have been able to present themselves as search engine and social media companies at a time when many academic and industry sources are have told Fi that their core businesses are actually in advertising and data collection, and that presenting themselves as other than that is disingenuous.
According to Patterson the reason for the global concern from privacy regulators is because consumers are now carrying about devices that are always on and always connected to a network, that have a whole range of programs and sensors enabled on them that are extremely personal to them. This creates the potential for an unwitting privacy invasion for many consumers.
“There are so many different configurations that your mobile applications may not be doing anything at all, or they could be doing a lot of suspicious things and as an individual you have often no way of knowing what your device is doing, especially if you are not technologically savvy, and that is one of the challenges that we have to get across to people,” said Patterson.
The move against internet data companies has not been wholeheartedly welcomed and has been interpreted by some legal observers as an attempt by the FTC to extend its powers into areas outside its mandate.
“The FTC is not tied to the US administration. The FTC has had a programme over the last 10 years of trying to enforce the most newsworthy cases in privacy it can,” said Stewart Baker, the former Assistant Director for Policy at the Department for Homeland Security and the General Counsel to the NSA between 1992 and 1994, who now works as a lawyer for Steptoe and Johnson, and is an expert on privacy, surveillance and digital commerce.
“The FTC has stretched its ambit in an attempt to become the principal privacy regulator in the US.”
Others see the move as the beginnings of a battle over privacy and transparency on the web.
“Beyond the Snapchat legal settlement, there’s a bigger technology question about anonymity on the internet and whether mobile messaging services and other popular social media applications can successfully build and maintain privacy enhancing technologies that really work.
“The internet has a long memory and there’s some debate as to whether these messages, photos and the like have a limited shelf life or live on forever, ” commented Craig Newman, a leading technology speciaist for the Washington and London law firm, Richards, Kibbe and Orbe, and the CEO of Freedom2Connect Foundation, a US-based project working with Radio Free Asia to promote global Internet freedom through the use of technology.
