Last year, owners of the Leaf, Nissan’s hot new electric car, got an unfortunate surprise along with their phenomenal 99 miles per gallon: a sharp-eyed security blogger revealed that Leafs secretly reported their owners’ location, speed and direction to websites that other users could then access through a built-in RSS reader. Nissan did not warn customers that this information was being passed on to various third parties without their consent. Leaf owners are hardly alone. In the past few years, there have been reports that iPhones and Android smart phones have been secretly sending Apple and Google information on users’ whereabouts.
Locational privacy is the next frontier in the privacy wars. More than 110 million Americans have smart phones, and millions more have GPS devices and other high-tech gadgets that keep track of where they are. Companies are eager to know our whereabouts in order to serve up location-based ads and services — you’re taking a business trip, and all of a sudden you’re getting offers online from local restaurants. And app makers are selling apps like the now infamous Girls Around Me that allow people to follow other people.
The trouble is, a lot of us do not want big corporations — or the government or strangers — knowing our comings and goings. Minnesota Democratic Senator Al Franken has drafted a bill that would require companies to get customers’ consent before collecting data on their location or sharing it with nongovernmental third parties. The act has solid bipartisan support. That is not surprising for a piece of legislation informally known as the Stalking Apps Bill. But industry may yet succeed in blocking it.
To put it simply, privacy law in the U.S. is a mess. We do not have any major, overarching federal protections; instead, there are a few laws that focus on discrete issues (health care privacy, privacy for children) or specific situations. For example, there is a law that makes it illegal for companies that offer phone service to freely disclose customers’ locations, but the same rule does not apply to companies offering Internet service.
Our movements reveal a great deal about who we are. A record of our locations over time can reveal whether we go to tent revivals or radical political meetings, abortion clinics or AIDS doctors. A smart phone essentially creates a dossier of your travels, and consumers have no control over who will eventually see that information. But the Franken bill is also aimed at an even more troubling use of location data: stalking people in real time. In written Senate testimony, advocates for domestic-violence victims told the story of a northern Minnesota woman whose abuser tracked her through her smart phone. When the woman went to a domestic-violence shelter, she received a text message asking why she was there. When she went to a courthouse to take out an order of protection, her abuser texted again, this time asking why she was in the courthouse and whether she was getting an order of protection.
The bill would rein in the use of a variety of technologies that track people’s movements, including so-called stalker apps. Last year, there was a blowup over the Girls Around Me app, which uses the location-based social-networking service Foursquare to find women in the area who have checked in. The app, which was sold at the Apple App Store until it was pulled, allowed people to use Facebook to find the women’s full names and profile photos. There are many other stalker apps, including one that allows people to physically track others using data from their Flickr and Twitter accounts; it is aptly called Creepy.
Franken’s bill should sail through Congress, but it may not. There is a lot of money to be made in tracking people’s locations and selling apps that track them. Business groups are arguing that tech businesses should be allowed to regulate the problem themselves — and they are warning that the Franken bill could stymie the burgeoning app industry.
The privacy issues, however, should far outweigh these business interests. It is shocking that there are no federal laws that regulate how location information can be collected and used. If we are to have any privacy at all in this new world of smart phones and stalker apps, Congress has to fill that gap.