Achieving Balance in a Mobile World

Is privacy an extremely important value that needs to be protected? This was the question in debate at the Senate Judiciary panel last Tuesday during which Google and Apple defended the collection of location-based functionality on consumers’ smartphones. Back in late April it was revealed to the public that data about iPhone and Android users’ locations was being stored on consumers' phones in unencrypted files. At the time Google and Apple replied with cryptic messages about how the data was being stored, for how long it was being stored, and what it was being used for. In other words, neither company provided any real explanation as to why they were storing this data, only saying it had been stored and that they would “fix” any “bugs.” Since the hearing, Apple (but not Google) has responded with press releases attempting to clarify their position and has provided a software update that allows phone owners to control location settings. Still, we have to wonder why settings were configured in such a cryptic manner in the first place.

The topic of debate now isn’t just about why it’s being stored, but also about why the data is being stored insecurely and why users weren’t clued in. Most smartphone users are familiar with the location-based services on their phones and use them for all kinds of fun and convenience. It wouldn’t be a stretch to say that most people who are “checking in” at their favorite restaurant, store, fitness center, or wherever are aware that some level of location-based service is being accessed. In many instances, users are asked to grant permission when certain apps are installed on their phones. But in the case of the iOS and Android data, no one told these users that it was being stored, unencrypted, for up to a year. 

“The balance here lies in providing enough data to consumers about how their information will be shared so that they can give their informed consent,” says Randy Sabett, a practicing D.C. based attorney who leads a track at IANS’ Forums on “Privacy vs. Security.” Legally curbing private industry innovation is dangerous on many fronts, but users need to be aware of the risks posed by the rewards of downloading the hottest new app to their phone.

Sabett believes “the industry can achieve this balance without government resorting to legislation that could potentially stifle innovation.” How do we as an industry incentivize developers to build more secure apps? What is the responsibility of industry leaders like Apple and Google in leading the charge for meeting consumer demand without placing its customers at risk? Where do their responsibilities end and consumers’ responsibilities (provided they’re given all of the information they need in the form of disclosures, waivers, and tools to control storage and access) begin?

Every week IANS fields a dozen or so Ask an Expert queries on this very subject and it is a leading topic at all of our Forums. Every company and every consumer has an opinion of what’s acceptable and where the line has been crossed. I will go so far as to say that secretly storing others’ PII is wrong. So together as an industry we need to innovate and grow but consider the implications of our actions and hold accountable those that obfuscate our right to privacy.