Senator Franken Wants Us to Know When Our Apps Are Tracking Us: Why This Is a Sensible Thing for Congress to Require
Cyberstalking apps and geolocation apps can track a mobile-device user’s location—and this information can then be shared with third parties such as advertisers, or with jealous spouses—often without the user’s knowledge that this is happening. Recently, the Federal Trade Commission (FTC) publicized its concern over apps installed on children’s phones that tracked the children’s location and broadcast it to advertisers and third parties without proper consent by, or notification to, parents or children. Senator Al Franken wants to do something about this. Moreover, he is also concerned about mobile applications that allow other people to surreptitiously track another person, again using geolocation.
The Senator recently proposed legislation that attempts to require that companies that develop and sell such mobile apps must get our consent before such programs are installed on our mobile devices. The bill would prohibit the covert monitoring of a person’s location, as well.
In this column, I will explain the nature of such mobile apps, and why they raise privacy concerns. I will also discuss the opposition by some industry representatives to legislation such as that which Franken seeks. I believe that this legislation is a small but important step that can help us address this issue, but I also believe that the voluntary initiatives that the industry is working on, in partnership with government, are also important.
The Reason for Concern: Cyberstalking Apps Have Been Installed Without the Device User’s Knowledge
Senator Franken’s legislation is concerned with two types of geolocation apps. One type, cyberstalking apps, can be installed on a phone without the phone owner’s knowledge. And once installed, these apps can track a phone and follow a user’s daily movements—from work, to a coffee shop, to the gym, and even to, say, a divorce lawyer’s office.
Currently, software companies can sell cyberstalking apps that operate secretly on cellphones, but this loophole could soon be closed by Congress. The software is popular among jealous spouses because it can continuously track a spouse’s whereabouts. One app is called “Is He Cheating?” and it is sold to users with the following pitch: “Use GPS – Satellite technology to find out if your partner is cheating thru their cell phone. Track ’em and Bust ’em Today!” Another app site asks, “Do you think your spouse is cheating? Their cell phone will reveal the truth!” The site includes a diagram telling consumers that they must first get their spouse’s phone, in order to install the software, and after doing so, they can receive tracking data sent to an email account of their choosing
Last week, the Senate Judiciary Committee approved a bill that would make it a crime for companies to make and intentionally operate a stalking app. If passed into law, the legislation might curb the appeal for people to use the apps that I described above, by requiring companies to disclose their existence on a target’s phone.
Stalking and stealth (or one-party-consent) wiretapping already are illegal, meaning that it’s against the law, in most cases, for a spouse or partner to secretly install tracking software on his or her loved one’s phone. Franken’s proposal would extend existing criminal and civil liability for such behavior to include the software companies that sell them, if such companies don’t notify users that they are tracking their phones, and obtain their affirmative consent to do so. Under Franken’s legislation, companies would face a criminal penalty only if they knowingly sold and operated an app with the intent to facilitate stalking
Companies that offer this type of app often state that they only do so if the person who installs the app is also the owner of the phone. And there are companies who market such programs for parents to monitor their children’s whereabouts.
But Franken and other proponents of the legislation against such apps, including anti-domestic violence advocates, said that there is no way to ensure that such apps are being used in an aboveboard manner. These programs can be installed in a flash, when a cellphone user goes to the bathroom, or turns in for the night. And once installed, the apps operate invisibly. They can silently record text messages, calls, physical locations, and visits to websites. All the information gathered is then relayed to an email address chosen by the person who installed the tracking app.
The Purpose of Franken’s Bill: To Curb Stalking and Domestic Violence
Victims’ advocacy groups say that Franken’s bill is a needed step to curb stalking and domestic violence by eliminating the clandestine use of a tool that gives one person power over another.
Last year, Senator Franken also held hearings on the topic of mobile privacy. In 2011, he received testimony from Minnesota domestic-violence victims. This testimony was an important factor in Franken’s decision to sponsor the bill. In one case, a woman had entered a county building to meet with her domestic-violence advocate, when she was texted by her abuser; the text asked her why she was there, according to Congressional testimony delivered last year by the National Network to End Domestic Violence.
After getting the scary text, the woman and her domestic-violence advocate went to a local courthouse to get a protective order against her abuser. Just as the woman got to the courthouse, she received a second text from her abuser asking her why she had gone to court. It was later determined that the abuser was tracing her movements with an app that had been placed on her cellphone.
Of course, there may still be cases where one partner in a relationship insists that another person “consent” to the app being installed on their phone—through force or coercion—but this law cannot deal with those dynamics. The main thing the law does is to mandate that companies must make a phone user aware that he or she is being monitored.
The Concern About Regular Apps’ Also Monitoring the Location of Their Users—Especially If the Users Are Children
Of course, not all apps are cyberstalking apps. However, other apps, installed for other reasons, may still track a person’s movements in order to provide them to marketers or advertisers, who then have valuable information about our habits and movements. This raises concerns for Franken—who is especially troubled about the monitoring of children’s movements. Franken wants to ensure that parents know when their kids are being tracked.
In early December, the FTC published a report in which it explained how mobile apps aimed at children raise privacy concerns. According to the report, many of the hundreds of apps that were reviewed shared certain information with third parties—information such as the unique device ID, geolocation, or phone number—without disclosing that fact to parents. Although the FTC did not name the specific apps that it had studied, its report concluded that about 60 percent of the apps surveyed transmit information from the device to developers, advertising networks, analytics companies, and others. As a result, companies—some legitimate, some less reputable—are collecting children’s location and selling it to ad companies and others, without parental consent. And this may all be legal, as the law doesn’t require a company to get consent before getting your location information from your mobile device.
Franken’s proposal would also update laws that were passed years before wireless technology offered us the app revolution. Thus, while telephone companies are barred from disclosing to businesses the locations of people who make traditional phone calls, there’s no such ban when a person walks around with his or her phone and uses the Internet.
If a consumer uses her mobile device to send an email, or to search the Internet to find a local pizza place, the precise location of her phone can legally be passed on to advertisers, marketers, and others without her knowledge or permission. This can often be good from the consumer’s perspective: If we are on the road and type in a search for “pizza,” we may be very happy to get an ad from a nearby restaurant.
The legislation also would make companies subject to civil liability if they failed to obtain a consumer’s express consent before tracking location information from a cellphone, and sharing it with anyone else. Companies also would face penalties if they failed to tell a user no later than seven days after their phone service begins, that such a program is running on their phone. (The bill includes an exception to the permission requirement for parents who want to place tracking software on the cellphones of their minor children without the children’s being aware that it is there.)
Why Franken’s Proposal Is Sparking Software Industry Opposition
An organization representing software companies opposes Franken’s bill because, it said, the user-consent requirement would impede innovation without adequately addressing the problem of cyberstalking.
According to David LeDuc, Senior Director for Public Policy at the Software & Information Industry Association (SIIA), voluntary but enforceable codes of conduct for the industry are more effective methods for increasing transparency and consumer confidence.
Here, the SIIA is referring to a multi-stakeholder processthat is being chaired by the National Telecommunications and Information Administration (NTIA) of the Department of Commerce—which is working with industry and civil-society groups to develop a voluntary code of conduct governing how mobile apps collect personal information. The initiative is meant to make the process of information collecting more transparent, to boost user knowledge, and to promote privacy.
The mobile-app transparency initiative is indeed an important measure—and it is laudable that the government is attempting to create a code of practice that involves the government, the private sector, and civil society. But Franken’s proposal is a broader initiative that focuses on the ways in which app developers provide notice to users about the information they collect. Thus, it focuses on broader transparency goals, as app developers may be collecting information about more than just a person’s geolocation.
Thus, Franken’s proposed law—which would simply require the consent of a phone owner before tracking commences—is compatible with the NTIA initiative, which focuses on how companies might better disclose what information they collect from consumers who buy their apps.