Privacy groups question NTIA's focus on mobile privacy transparency

The first mobile privacy meeting hosted by the agency starts off with questions about the process

The U.S. National Telecommunications and Information Administration's first step toward developing a consensus on mobile privacy standards may be the wrong step, privacy advocates said.

The NTIA's first multistakeholder meeting on mobile privacy, Thursday in Washington, D.C., focused on ways to improve the transparency of the privacy practices of mobile apps, but several privacy advocates questioned the value of creating more transparency without rules on the way apps will use the personal data of users. Mobile privacy standards need to also address the fair collection of data, security and other issues in addition to transparency, said Susan Grant, director of consumer protection for the Consumer Federation of America.

"Transparency, in itself, has no value," added Pat Walshe, director of privacy at GSMA, a mobile carrier trade group. "People need tools, they need mechanisms, to express choice."

One mobile app asked Walshe to agree to a 21,000-word privacy policy, he said. "That was transparent, but it was useless," he added.

During much of meeting, meeting facilitator Marc Chinoy, president of the Regis Group, asked the audience of more than 200 people for ideas on how to improve mobile app transparency. Several participants offered ideas, including software that can tell mobile device users what private information they're sharing, and the use of icons to represent privacy concepts, instead of long, multipage privacy policies.

NTIA officials defended the focus on mobile transparency, saying it was a discrete area where participants in the process could possibly reach agreement. Participants in the process to develop privacy codes of conduct will decide the direction of the process in the future, said Lawrence Strickling, NTIA's administrator. "We had to start somewhere," he said.

Participants in the meeting voted on several areas that should be priorities. The group should, in the near term, develop a description of personal data used by mobile apps, should determine why data is collected and should determine what data is collected outside of an app's core functionality, participants said in a series of votes. The group should also focus on ways to notify users about the data collected in the appropriate context, they said.

But several participants urged the NTIA to take a step back and tell participants what it hopes to accomplish or describe in the multistakeholder process going forward. The NTIA's process to develop privacy standards "is unduly amorphous at this point," said Alan Raul, a privacy lawyer with the Sidley Austin law firm.

Berin Szoka, founder of free-market think tank TechFreedom, questioned whether a room full of people with "no business experience" would be able to create workable privacy standards for the mobile industry. The NTIA process will likely fail, he said, because it's led by the government and not industry.

The NTIA participants may be able to provide feedback to mobile app developers, but business decisions on privacy practices should be made "behind closed doors" by people in the industry, he said.

Much of the discussion, however, was on whether the NTIA should focus on mobile app transparency first. The NTIA process needs to define a complete set of fair information practices for mobile apps, in addition to transparency guidelines, said Chris Calabrese, legislative counsel at the American Civil Liberties Union.

"Transparency merely describes what the system is," he said. "If the system is unfair, a description of an unfair system is relatively valueless."

Other participants disagreed, saying a transparency standard would have value on its own. "Transparency alone has significant, inherent value," said Steve DelBianco, executive director of NetChoice, an e-commerce trade group. "Transparency about the status quo ... enables consumers to be informed, make choices about the services they use, or to change the settings in the services they use."

Transparency practices have "tremendous" benefits, added Jon Potter, president of the Application Developers Alliance.

App developers are interested in transparency and mobile privacy, he said. App developers want to see a single, uniform best practice for mobile privacy, he said.

"They don't like to be sued," he said. "They don't like getting letters from Congress. They don't like bad press. More importantly, they want consumers to trust their app."

Pam Dixon, executive director of the World Privacy Forum, urged participants of the NTIA process to give it a chance. "We have an opportunity to move forward and create a dialog," she said. "We have to put the consumer first. If everyone in the room can agree to that one thing, I think it will go far."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies