Skip to main content

Contrary to what might be expected, privacy policies for apps are rarely written with protecting your privacy as the primary goal.

Reuters

Back in 1984, the prospect that most adults might some day carry small devices that not only perform location tracking but also keep track of phone calls and social interactions would have seemed … Orwellian. Yet, slightly more than a quarter of a century later, many of us choose to carry smartphones or tablets that collect that information and often much more.

It is helpful to keep this in mind when considering the latest dust-up involving privacy and mobile devices, this time involving a company called Carrier IQ. To recap: In November, 2011, a security researcher named Trevor Eckhart posted an analysis and then a YouTube video appearing to show that Carrier IQ's software, which is installed on tens of millions of smartphones in the United States, logs mobile phone keystrokes and text messages. This led to a rapidly cascading series of events that has included a dubious cease-and-desist letter from Carrier IQ to Mr. Eckhart, an apology from Carrier IQ after the Electronic Frontier Foundation interceded on Mr. Eckhart's behalf, letters from several members of Congress, multiple class-action lawsuits against Carrier IQ and its corporate customers, including Samsung and HTC, and a reported U.S. government probe.

The most serious charges against Carrier IQ stem from the possibility that data was collected without user consent – in other words, that the people on whose phones Carrier IQ is installed weren't given the choice to "opt in." If Carrier IQ indeed has been acquiring and using data inappropriately, it should be held accountable.

Story continues below advertisement

But it is also important not to let the Carrier IQ scandal divert attention from a trend in mobile privacy that may be far more important in the long run: Opting in to the monitoring and tracking technologies used in today's sophisticated mobile "apps" increasingly means opting out of privacy. In fact, you would probably be shocked to know how much information about your life has been collected and distributed with your consent, and is now in the hands of hundreds of companies providing social-networking services, games and advertising for mobile devices.

How did this happen?

A good place to start is with the privacy policies that you accept by clicking "I agree" when downloading new mobile apps. Contrary to what might be expected, these policies are rarely written with protecting your privacy as the primary goal. Instead, they are designed, in part, to enable companies in what the industry calls the "mobile marketing value chain" to extract as much information about you as possible in order to deliver targeted marketing and advertising.

Various linguistic sleights of hand are employed to achieve this goal. For example, knowing that consumers are justifiably uncomfortable with the collection of personal information, many privacy policies deem the "unique device identifier" – which is akin to a mobile social insurance number tied to your specific mobile phone or tablet – to be non-personal. The usage patterns and location of your device are also typically categorized as non-personal, even though today's tracking technologies can often pinpoint devices to a specific home or commercial building.

In addition, privacy policies often specify that this data can be shared with third parties, who in turn combine it with information about your device usage obtained from other companies to build a more complete profile of your overall behaviour. Information about where you sleep, where you work, when and how you use social networking, gaming applications and other wireless services is logged, aggregated, analyzed and resold, all while technically avoiding privacy's third rail of "personal information."

Legal gymnastics aside, it's hard to make a straight-faced argument that this information is not personal. App providers know this information is personal. Their advertising partners understand this as well. In late 2010, a representative of the Mobile Marketing Association, which has more than 700 member companies, told the Wall Street Journal, "In the world of mobile, there is no anonymity."

That may be technically true, and there are certainly situations – for example, in connection with law enforcement investigations – where the ability to track the behaviour of an individual wireless user can be critically important. But that doesn't mean that all of the advertisers, marketers and other participants in the mobile ecosystem deserve complete access to every scrap of data about our wireless activities.

Story continues below advertisement

Clearly, they don't. But unless we are as demanding about mobile privacy as we are about mobile convenience, opting in to mobile products is going to increasingly mean opting out of privacy.

John Villasenor is a professor of electrical engineering at UCLA and a non-resident senior fellow at the Brookings Institution. He is a key speaker at Beware of Surveillance by Design, a symposium on freedom and privacy taking place in Toronto on Friday, Jan. 27.

Report an error
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

If your comment doesn't appear immediately it has been sent to a member of our moderation team for review

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.