Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Android Google Iphone Privacy Apple Politics

Franken Bill Would Protect Consumers Location Data 90

GovTechGuy writes "Sen. Al Franken (D-Minn.) unveiled a new bill on Wednesday that would require firms like Apple and Google to obtain consent from consumers before collecting or sharing their smartphone location data with third parties. The bill would cover all mobile devices including tablets and require firms to inform consumers when they collect their data and allow them to delete it when requested."
This discussion has been archived. No new comments can be posted.

Franken Bill Would Protect Consumers Location Data

Comments Filter:
  • by Anonymous Coward

    Very cool! I love clicking "I accept" on EULAs!

    • Re:eula (Score:5, Informative)

      by i kan reed ( 749298 ) on Wednesday June 15, 2011 @02:44PM (#36454350) Homepage Journal

      You missed the second part. You can tell them to delete your location information, and they'd be compelled by law to do so. That would definetly be different.

      • Unless they have a warrant from law enforcement. Then they can ignore the request to delete.
        • I think in general, if you're concerned about warranted seizures of your information, you've got a lot else to worry about in the near future. I'm not sure I see the problem.

          • It's frightening to me how many people just don't (or refuse to) understand the heart of the problem, in that they are perfectly willing to let every tiny freedom slip away one at a time because "that doesn't affect me right now".

            You may be the favored demographic today, but as political leaders change, and, more importantly, laws change, you may find a bulls-eye on your back tomorrow when someone in power doesn't like something you say or do that was, yesterday, considered perfectly harmless.

            I would even g

            • What?

              Here is what a warrant is.

              You have actively been suspected of wrongdoing. The reasons why you might be suspected have been presented to an impartial(at least in theory, this part could always use work) judge. That judge, upon reviewing those reasons has determined that you should be investigated for possibly committing a crime. At this point you are not convicted, but data like this could be used to show whether you have done something or not. Then you get a day in court, to defned against this evi

      • And they still wouldn't delete it.
        If a user tried to sue, they'd say all their records were "anonymized", and thus no one user can claim any damages because they can't prove their records were used against their wishes.
        If any group of users tries to start a class action, they'll point to the bullshit arbitration clause (no class action suits) in the EULA.
        If a state tries to protect consumers and say "that clause is illegal", they'll just buy off the supreme court of the state.

        (Protip: All of these things h

  • Govt.? (Score:5, Insightful)

    by Joehonkie ( 665142 ) on Wednesday June 15, 2011 @02:39PM (#36454270) Homepage
    Does "third parties" include the government?
    • Exactly. Somehow it seems like The FBI (http://www.wired.com/threatlevel/2010/10/fbi-tracking-device/) should have a problem with this legislation.

    • Re:Govt.? (Score:5, Informative)

      by Jabrwock ( 985861 ) on Wednesday June 15, 2011 @02:51PM (#36454442) Homepage
      No. The bill explicitly states that it does not affect collection of data by law enforcement, or transfer of location data to law enforcement.

      That's covered under a different bill.

      http://franken.senate.gov/files/docs/110614_The_Location_Privacy_Protection_Act_of_2011_One_pager.pdf

      • by blair1q ( 305137 )

        It's covered under the 4th Amendment, unless the data are visible to the public, which Franken's bill will allow users to prevent.

        We need another Al Franken decade.

        • That's debatable, and several courts have allowed things like location trackers without warrant, and the searching of cell phones and computers. There's a new bill in the works to explicitly require warrants for electronic surveillance.
        • by JordanL ( 886154 )
          As much as I think it should be, it is by no means obvious that knowledge of a particular person's current or past locations constitutes a "search or seizure".

          Sure it's easier with a database, but police don't need a warrant to go to the coffee shop and as "has Joe Blow been here recently?" nor should they. I think this is a much more genuine debate than most people see it as, although I don't think having complete information of past locations is the same, and thus should be subject to a warrant and ju
          • by JordanL ( 886154 )
            I didn't notice at first, but you and me had a conversation over a similarly charged topic yesterday. I just wanted to say, in regard to that, that while I think you were too absolutist, you made several good points, and I hope you don't simply respond with anger to this particular comment.
          • by blair1q ( 305137 )

            You're specifying a case there that misses the point a little.

            Going to the coffee shop is public data.

            What rooms you spend the most time in at home is not, unless you give someone permission to upload your GPS data it to the web for others to see. (and yes, even with GPS's shitty accuracy it's possible to figure that out, statistically)

            • by JordanL ( 886154 )
              Which I agree with. I think that cell phone location data should be a case that requires a warrant for that reason.
              • I only use phone apps that collect my location by cell network. I don't allow fine-grained GPS information except to my GPS navigation software. I don't see the need for to-the-meter accurate data about my location to serve me appropriate advertising.

        • Re: (Score:1, Troll)

          by camperdave ( 969942 )
          Al Franken? I thought that a Franken bill was a bill with all sorts of unrelated riders on it; from the story of Frankenstein's monster.
  • Those companies will just make it part of the EULA, which you'll have to accept anyway to use the app.

    • Re:EULA (Score:5, Insightful)

      by lrobert98 ( 1936734 ) on Wednesday June 15, 2011 @02:48PM (#36454394)
      Perhaps. But at least they'll have to explicitly state that they're collecting the data and also tell you how they're sharing it. They'll also have to give you a way to delete your data. It's a big step in the right direction.
      • I'm not sure this is a good thing. If the y have to let you delete it, they have to know it's your data.

        Right now, collection is anonymous, that is, it is not tagged with your identity. If they must let you delete it, anonymity goes out the window.

        • by HTH NE1 ( 675604 )

          The data could be associated to a non-reversible hash of identity information disclosed only to you. You tell them to delete all data associated with the hash. Technically it isn't anonymous, it's pseudonymous: the hash is your pseudonym.

      • But at least they'll have to explicitly state that they're collecting the data and also tell you how they're sharing it.

        They will put this at the bottom of a 50-page EULA that no-one reads past the first page anyway.

        They'll also have to give you a way to delete your data. It's a big step in the right direction.

        This is a big step, but the fact that it doesn't apply to law enforcement makes its utility very limited.

    • by HTH NE1 ( 675604 )

      Indeed, let us know when a bill prohibits the prostitution of our personal information for services.

  • by Sierra Charlie ( 37047 ) on Wednesday June 15, 2011 @02:41PM (#36454300)

    Location sharing in Android is already opt-in, with a per-app or per-website granularity.

    • by Anonymous Coward

      And Apple doesn't share with third-parties. But this is a proposed law to keep things that way.

    • by lrobert98 ( 1936734 ) on Wednesday June 15, 2011 @02:55PM (#36454498)
      But the OS itself is doing it. [slashdot.org]
      • That's also opt-in.

        The phone asks when its first activated if you wish to allow it, and you can disable it at any time from within the preferences.

        You can also tell it not to use the GPS receiver and only track your location by cell network.

      • But it's disabled out of the box.

        It is also opt-in, and the first time you activate it you get a warning about the info sharing, and you have the option to turn it off whenever you see fit.

    • I think the law should be written to say that there must be an additional opt-in, beyond location services, if your location data is going to be stored or uploaded off your device.

    • by blair1q ( 305137 ) on Wednesday June 15, 2011 @03:02PM (#36454590) Journal

      If by "opt-in" you mean "opt-in or this app won't work even though it's not obvious at all why a game involving flinging birds at pigs would require such a thing..."

      • If you're talking about Angry Birds on Android, "coarse location data" is AdMob requirement.

        • by Anonymous Coward

          As someone who has developed with Admob, that's only true if they specifically decide to gather it to target the ads further, AdMob works just fine without.

          • by blair1q ( 305137 )

            Angry Birds works just fine in Airplane mode. Doesn't even put up a blank box where the ad it fails to fetch would go.

    • by Asdanf ( 1281936 )
      Today most browsers that can expose location prompt the user before doing so. It sounds like this bill would require the websites to also obtain explicit permission, meaning to share your location you would always have to click "ok" twice in a row. Seems like a pain; why not continue to rely on the core browser/OS to manage these permissions?
  • Yeah, read all about it in the EULA.
  • by Anonymous Coward

    Good job, Franken. Enjoy your well planned change of heart driving your new BMW.

    • by Anonymous Coward
      At least here's one Minnesotan politician that isn't a constant embarrassment to his state (*cough* Bachman *cough* Pawlenty).
  • In the best case scenario, the OS keeps track of requests for location by apps and guarantees that the first request is always preempted by a user dialog.
    In an almost worst case scenario, the OS depends on static analysis and misses dynamic calls (reflection where available) and side loaded applications that are filled with trojan functionality.
    In the worst case scenario, the OS maker buries the consent in the Terms of Service.

    I believe that every application on iOS already faces the best case, but it may b

  • FrankenBill (Score:5, Funny)

    by Culture20 ( 968837 ) on Wednesday June 15, 2011 @02:48PM (#36454400)
    Do not expose it to fire. "It's Alive!"
  • define "collecting" (Score:5, Interesting)

    by Frequency Domain ( 601421 ) on Wednesday June 15, 2011 @02:51PM (#36454432)
    Apple had the data on the device and included it in a readable format in backups to your sync machine, but they weren't "collecting" it in any meaningful sense of the word. The info wasn't being sent back to Apple or to third parties without consent, it was used as a cache to speed local operations. Is caching now considered collecting?
    • Apple had the data on the device and included it in a readable format in backups to your sync machine, but they weren't "collecting" it in any meaningful sense of the word. The info wasn't being sent back to Apple or to third parties without consent, it was used as a cache to speed local operations. Is caching now considered collecting?

      Good question. It seems the bill forbids the company from collecting the data from the phone, but there's nothing stating that the phone can't keep on recording that data.

    • technically, it wasn't actually the users location either, just the location and last date seen of cell towers.
    • While the data you specified was indeed a cache that was not being uploaded to Apple or third parties, Apple did confirm elsewhere that they do collect location data in order to crowd source the effort of locating Wi-Fi hotspots. They also mentioned that they are building some sort of automobile traffic monitoring service.

      That said, I don't see how this bill would change much. The data Apple is sent is anonymized, and they only collect it if you agree to turn on Location Services. Likewise, third parties do

      • by mkremer ( 66885 )

        Actually it could change something, if Apple is required to be able to delete the data on request then the data can not be anonymized. Unless the bill says that the requirement to delete data on request does not apply to anonymized data.

    • Re: (Score:2, Informative)

      by sexconker ( 1179573 )

      Cache comes from the Latin cogere. To collect. A cache is a collection.
      The modern (bastardized by the French) usage of a cache adds "hidden" to the meaning.

      Apple storing location data in a specific location it knows about and consumers don't (or don't have access to / full control over) is both collecting it and hiding it.
      They may not be retrieving that information, nor may they have any intent to do so.
      But they are collecting it.

    • ...they weren't "collecting" it in any meaningful sense of the word.

      How do you know?

  • This legislation is a breath of fresh air in a world where people buy and sell information about me for their marketing purposes. Let me add to this though ...

    I hope that this legislation will require that this consent must be obtained outside a standard EULA.
    I hope that this legislation can be extended to ANY device that tracks my location, such as future cars.
    I hope that this legislation can be extended to REQUIRE a warrant before any one can provide this information to the government.

  • by account_deleted ( 4530225 ) on Wednesday June 15, 2011 @02:55PM (#36454494)
    Comment removed based on user account deletion
    • by Anonymous Coward

      Franken Stein has been running amok since the Nixon administration collapsed. Thankfully he's (mostly) focused on being entertaining more than creating public policy.

  • Great idea! (Score:2, Funny)

    by Anonymous Coward

    He's good enough, he's smart enough, and dog gone it...PEOPLE LIKE HIM!!!

  • About Al (Score:5, Informative)

    by JBMcB ( 73720 ) on Wednesday June 15, 2011 @02:57PM (#36454534)

    Not to threadjack, but if we're talking about Sen. Franken...

    Al Franken reads the 4th Amendment to a justice department official defending the PATRIOT act:
    http://www.youtube.com/watch?v=6A8A7hsDOAw [youtube.com]

    Al Franken's recent vote on extending the Patriot Act (from Project VoteSmart)

    02/15/2011 Extension of Various Patriot Act Provisions HR 514 Y Bill Passed - Senate

    That Y means Yea.

    ??

    • by blair1q ( 305137 )

      Not to logicjack but "various provisions" is not an extension of all provisions, and his point in reading the 4th amendment may not have applied to the whole act.

      It's also possible (though never very sightly) that he voted quid for some pro quo elsewhere. That's how representative government works. It'd gridlock otherwise.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        that he voted quid for some pro quo elsewhere. That's how representative government works. It'd gridlock otherwise

        Which means votes can be bought. Either thru favors, the buddy system, or just not bothering to read the bill and looking to what the 'leaders' are doing ("lets pass this and see what we get").

        That is what you get. Vote buying. To the highest bidder. Do not tolerate it from your representatives even when you did/didnt vote for them.

        • by blair1q ( 305137 )

          Of course they can be bought. Nominally they're bought by the voters, who pay by returning the guy to congress for particular legislation. But voter votes are bought by the representative, either by voting for particular legislation or trading for votes that get particular legislation through while losing other legislation.

          It's not a bad system; it's just more complicated than "shut up and raise your hand the way we tell you to or we won't vote for you in November". It's what you get for boiling the resu

      • It'd gridlock otherwise

        Sounds good to me. Haven't heard of any legislations passed recently that actually solves any problems held by the people of the United States. A government that does nothing, except in situations important enough to overcome partisanship, sounds almost ideal.

    • by p0p0 ( 1841106 )
      Y means Yea.? I would have thought it meant Year. Interesting.
  • Just wondering what the definition of "mobile device" was, since many cars have been collecting location data now that many have GPS systems in them for a while.
  • My first thought was Frankenfood, Frankenstein, etc. Didn't realize until I RTFA that it's the guys name. *LOL*

  • Am I the only one who expected to see a bill made up of recycled bits and pieces of old bills, stitched together and brought back to life in a midnight session?
  • I like the disclosure aspects of the bill, but I hope it doesn't hinge on the personal aspect of the data. If data that has undergone anonymization can still be used without consent, then this bill might as well not exist.

    One of the easiest things possible is to de-anonymize anonymous location data sets. I suspect that looking at:

    • Overall geographic affinity
    • Most frequently visited locations (e.g., home and work)
    • Consistently-visited outliers

    ... would provide more than enough data to positively identify alm

  • by andi75 ( 84413 ) on Wednesday June 15, 2011 @03:41PM (#36454968) Homepage

    Asking for consent is absolutely meaningless. In order to get security updates, you'll have to accept the new EULA and will be forced to agree to whatever they ask.

    The only way out is to make it illegal to store any more data then is absolutely necessary (e.g. a train time table app only needs your location *now* to find the nearest station, but has no business of retaining that data) for the normal operation of the application.

    • by Dahamma ( 304068 )

      Yeah, it immediately reminded me of the 40+ page EULA I had to agree to just to update my already-purchased-apps from the iTunes store. Not to mention they seem to update this absurd EULA about every week, asking you to approve it every time. I'm pretty sure I have now agreed to become a human centipede.

      What Franken *should* be doing is passing legislation that makes any EULA that can't reasonably be expected to be read by the average consumer (say, a 40 page document displayed on an iPhone screen and upd

    • Funny you should mention this. On Android you get a separate EULA for the location tracking which you can disable at any time (or rather enable at any time since it comes disabled out of the box).

  • So they want to restrict private companies from collecting and sharing someone's location data, yet the federal government is planning on implementing a rule that requires someone flying in a private plane to have a verified and approved security threat before they will prevent the government's location tracking to be made public. http://www.nbaa.org/ops/security/barr/20110318-barr-bolen-aopa.php [nbaa.org]
    This is referred to as the TMZ bill since it will allow paparazzi to know the location of celebrities. It will al

  • why stop at mobile?
  • by Anonymous Coward

    All I can see is that I made 1 political donation, and now the FCC posted my information, name, address, age, political affiliations, and an insight into my financial status (how much I donated is how much disposable income I had at that time,) all over the internet for anyone to see. At no time was I warned that this would happen, nor did I opt in.

    I've opted into Google's services, and not 1 shred of my information shows up from that on the internet.

    I can't comment on Apple as I haven't given them the oppo

  • Has it been stitced together from badly matching parts, equipped with the brain of a psychotic killer and brought to life with a bolt of lightning?

    Disclaimer: I didn't read TFA, so I am jusr exercising my inalienable right to shoot off my mouth without checking facts.

  • " Lies and the Lying Liars Who Tell Them is a satirical book on American politics by comedian, political commentator and now Senator Al Franken, published in 2003 link [wikipedia.org] - Amazon.com Review [amazon.com]

Per buck you get more computing action with the small computer. -- R.W. Hamming

Working...