This story was originally published on June 8, 2011, and is brought to you today as part of our Best of ECT News series.
Since few people bother to read Privacy Policies, Terms of Service or Click Wrap Agreements, is it any wonder that social media sites, search engines, and providers of cell services ask for and receive carte blanche rights to our whereabouts, along with other personal information?
We all know that if we don’t agree to these terms, policies or agreements, we simply cannot use the social media site, search engine, or cell service. So we all just along with the unread deals offered to us.
No Surprise Here
Recent reports that Apple tracked user locations and stored location data on iPhones and iPads created an uproar that included Sen. Al Franken, D-MInn., writing a letter to Steve Jobs. His letter contained the following questions:Why does Apple collect and compile this location data?
How is this data generated (GPS, cell tower triangulation, WiFi triangulation, etc.)?
Why is this data not encrypted?
When Jobs confessed that Apple made mistakes, Apple also announced that it would change the operating systems on its devices and thereby change its practice.
Ironically, some security experts believed that Apple collected the iPhone/iPad location data not to track users, but rather to pinpoint locations of devices more quickly to save battery life and bandwidth, The New York Times reported.
Nonetheless, the users contractually permitted Apple to collect this information.
Google Does It Too
No one was surprised to learn that Google was also tracking the GPS data in Android phones, but the information was accessed with user consent under a Click Wrap agreement and anonymously recorded.
Google relies on GPS tracking information to tell Google Maps users what traffic conditions may exist and which roadways are moving or are stopped. Google Maps relies on tracking the movement of the cellphone GPS traffic on the streets to provide this service.
Street View Sees You
In May 2007, Google Street View appeared for the first time serving five U.S. cities: New York, San Francisco, Las Vegas, Miami and Denver. Since then, Google has taken pictures around the world for the Street View project.
However, to the surprise of many, Google confirmed that since 2006, its Street View Cars captured WiFi network information in addition to Street View Photos.
Google uses this WiFi network information to improve location-based services like search and maps. Specifically, Google admitted 0 that the WiFi information was collected, but claimed that it was not the only enterprise to collect unprotected WiFi information:
WiFi networks broadcast information that identifies the network and how that network operates. That includes SSID data (i.e. the network name) and MAC address (a unique number given to a device like a WiFi router). Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data.It is not surprising that Google claimed its collection and use of WiFi data was legal, and no different than data collection by other companies, including Skyhook, and such organizations as the German Fraunhofer Institute.
Around the world, a number of privacy groups have been unhappy about Google Street View Photos, and there are now new privacy concerns abound regarding Google’s collection of WiFi network data.
Even though Google claimed its activities were completely legal, it apparently acquiesced to the Irish Data Protection Authority’s request on May 14, 2010, to delete its WiFi network data collected in Ireland. On May 16, 2010, the destruction of this WiFi network data was confirmed by a third-party consultant.
The Push for Privacy
News of Apple’s and Google’s collection of user location data has led the EU to explore new rules regarding location information.
France, Germany, and Italy are currently examining Apple’s possible violation of EU laws. EU residents are very concerned about protecting their privacy and expect Apple and Google to comply with EU laws. Sony’s recent admission that hackers had pulled off data thefts involving more than 77 million account holders is clearly a matter that the EU is studying as well.
What About the Children?
By the time many children in the U.S. reach 13 years of age, they set up Facebook accounts and start downloading apps to iPhones, but protecting their privacy is rarely a question.
In the U.S., the Federal Trade Commission is responsible for protecting children under the age of 13 under the Children’s Online Protection Act, which was enacted by Congress in 1998. However, this is easier said than done.
Of course, children 13 or younger don’t bother reading Terms of Service, Privacy Policies, or Click Wrap Agreements any more than adults do. So is it any wonder that children lose their privacy on the Internet?
A favorite New Yorker cartoon from 1993 has a drawing of two dogs, one sitting in front of a computer saying to the other “On the Internet nobody knows you’re a dog.”
Unfortunately, no matter what businesses say on their websites about who may use the site and what messages are directed, no one really know who’s on the other end. As a result, there is no guarantee that a website has effectively screened for age just because an Internet user claims to be over 13.
When somebody can ever figure out how to force people to read Terms of Service, Privacy Policies, and Click Wrap Agreements and encourage negotiation of unacceptable terms, then maybe we will be able to actually protect privacy on the Internet. Clearly, with today’s Internet model, it’s really impossible to protect our privacy.