{"id":1184,"date":"2011-04-06T07:16:14","date_gmt":"2011-04-06T15:16:14","guid":{"rendered":"\/?p=1184"},"modified":"2011-04-06T07:32:00","modified_gmt":"2011-04-06T15:32:00","slug":"wsj-federal-prosecutors-investigate-smartphone-apps","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1184","title":{"rendered":"WSJ:  Federal Prosecutors investigate smartphone apps"},"content":{"rendered":"<p>If you\u00a0have kept up with the excellent Wall Street Journal series\u00a0on\u00a0smartphone apps that inappropriately collect and release location information, you won&#39;t be surprised at their\u00a0latest\u00a0<a href=\"http:\/\/online.wsj.com\/article\/SB10001424052748703806304576242923804770968.html\">chapter<\/a>:\u00a0\u00a0Federal\u00a0Prosecutors are now investigating information-sharing practices of mobile applications, and a Grand Jury is already issuing subpoenas.\u00a0\u00a0The Journal <a href=\"http:\/\/online.wsj.com\/article\/SB10001424052748703806304576242923804770968.html\">says<\/a>, in part:<\/p>\n<p style=\"PADDING-LEFT: 30px\">Federal prosecutors in New Jersey are investigating whether numerous smartphone applications illegally obtained or transmitted information about their users without proper disclosures, according to a person familiar with the matter&#8230;<\/p>\n<p style=\"PADDING-LEFT: 30px\">The criminal investigation is examining whether the app makers fully described to users the types of data they collected and why they needed the information\u2014such as a user&#39;s location or a unique identifier for the phone\u2014the person familiar with the matter said. Collecting information about a user without proper notice or authorization could violate a federal computer-fraud law&#8230;<\/p>\n<p style=\"PADDING-LEFT: 30px\">Online music service Pandora Media Inc. said Monday it received a subpoena related to a federal grand-jury investigation of information-sharing practices by smartphone applications&#8230;<\/p>\n<p>In December 2010, <a href=\"http:\/\/online.wsj.com\/search\/term.html?KEYWORDS=SCOTT+THURM&amp;bylinesearch=true\">Scott Thurm<\/a>\u00a0wrote <a href=\"http:\/\/online.wsj.com\/article\/SB10001424052748704694004576020083703574602.html\">Your Apps Are Watching You<\/a>,\u00a0 which has now been &#8220;liked&#8221; by over 13,000 people.\u00a0 It reported that the Journal had tested 101 apps and found that:<\/p>\n<p style=\"PADDING-LEFT: 30px\">&#8230;\u00a056 transmitted the phone&#39;s unique device identifier to other companies without users&#8217; awareness or consent.\u00a0 Forty-seven apps transmitted the phone&#39;s location in some way. Five sent a user&#39;s age, gender and other personal details to outsiders.\u00a0 At the time they were tested, 45 apps didn&#39;t provide privacy policies on their websites or inside the apps.<\/p>\n<p style=\"PADDING-LEFT: 30px\">In Pandora&#39;s case, both the Android and iPhone versions of its app transmitted information about a user&#39;s age, gender, and location, as well as unique identifiers for the phone, to various advertising networks. Pandora gathers the age and gender information when a user registers for the service.<\/p>\n<p style=\"PADDING-LEFT: 30px\">Legal experts said the probe is significant because it involves potentially criminal charges that could be applicable to numerous companies. Federal criminal probes of companies for online privacy violations are rare&#8230;<\/p>\n<p style=\"PADDING-LEFT: 30px\">The probe centers on whether app makers violated the Computer Fraud and Abuse Act, said the person familiar with the matter. That law, crafted to help prosecute hackers, covers information stored on computers. It could be used to argue that app makers &#8220;hacked&#8221; into users&#8217; cellphones.<\/p>\n<p style=\"PADDING-LEFT: 30px\">[More <a href=\"http:\/\/online.wsj.com\/article\/SB10001424052748703806304576242923804770968.html\">here<\/a>]<\/p>\n<p>The elephant in the room is\u00a0Apple&#39;s\u00a0own approach to\u00a0location information, which should certainly be subject to investigation as well.\u00a0\u00a0 The user\u00a0is never presented with\u00a0a dialog in which Apple&#39;s use of location information is explained and permission is obtained.\u00a0\u00a0Instead, the user&#39;s\u00a0agreement is\u00a0gained surreptitiously, hidden away\u00a0\u00a0<a href=\"\/?p=1136\">on page 37 of a 45 page policy <\/a>that\u00a0Apple users must\u00a0accept in order to use&#8230; iTunes.\u00a0 Why iTunes requires location information is never explained.\u00a0 The policy <a href=\"\/?p=1136\">simply states <\/a>that the user&#39;s device identifier and location\u00a0are non-personal information and that Apple <em>&#8220;may collect, use, transfer, and disclose non-personal information for any purpose<\/em><strong>&#8220;.<\/strong><\/p>\n<p>Any purpose?<\/p>\n<p>Is it reasonable that companies like Apple can\u00a0\u00a0proclaim that device identifiers and location\u00a0are non-personal and then do whatever they want with them?\u00a0 Informed opinion seems not to agree with them.\u00a0 The <a href=\"http:\/\/www.datenschutz-berlin.de\/attachments\/193\/local_neu_en.pdf?1177594792\" class=\"broken_link\">International Working Group on Data Protection in Telecommunications<\/a>,\u00a0for example, asserted precisely the opposite as early as 2004.\u00a0\u00a0Membership of the Group included &#8220;representatives from Data Protection Authorities and other bodies of national public administrations, international organisations and scientists from all over the world.&#8221;<\/p>\n<p>More empirically, I demonstrated in <a href=\"\/?p=1154\">Non-Personal information, like where you live<\/a> that the combination of device identifier and location is\u00a0in very many cases\u00a0(including my own) personally identifying.\u00a0 This is especially true in North America where many of us live in single-family dwellings.<\/p>\n<p>[BTW, I\u00a0have not deeply investigated\u00a0the\u00a0approach to sharing of location information taken by\u00a0other smartphone providers &#8211; perhaps others can shed light on this.]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The probe is significant because it involves potentially criminal charges that could be applicable to numerous companies<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,17,71,62,81,11],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1184"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1184"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1184\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}